Tag Archives: DownloadAdmin

TEA TIME BISCUITS – 21% Detection Rate – DownloadAdmin / Jaik

Welcome! Just wanted to give you the heads up on a file called “additionaloffers-setup[1].exe” that’s digitally signed by TEA TIME BISCUITS.

TEA TIME BISCUITS certificate

 

I found this file on my lab machine after trying out a download from CNet’s Download.com site.

You can view the certificate shown above by right-clicking on the file, choosing Properties and then clicking on the Digital Signatures tab. According to the embedded certificate, TEA TIME BISCUITS seems to be located in San Francisco, California, US, and the certificate is issued by VeriSign Class 3 Code Signing 2010 CA.

So, what is the issue with the TEA TIME BISCUITS file? Just check out the detection list from some of the anti-virus programs:

F-Secure reports additionaloffers-setup[1].exe as Gen:Variant.Application.Jaik, GData detects it as Gen:Variant.Application.Jaik.8223 and Malwarebytes calls it PUP.Optional.DownloadAdmin.

TEA TIME BISCUITS anti-virus report

Did you also find a TEA TIME BISCUITS file? Do you remember where you downloaded it?

Thank you for reading.

Trend Interactive – 19% Detection Rate – DownloadAdmin / Application.Jaik

Hello! Just a short post before I call it a day. I found yet another file that bundled a bunch of unwanted programs, and the file was signed by Trend Interactive.

Trend Interactive publisher

It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Trend Interactive certificate.

Trend Interactive certificate

VeriSign has issued the certificate:

Trend Interactive cert path

When I uploaded the Trend Interactive file to VirusTotal, it came up with a 19% detection rate. The file is detected as PUA/DownloadAdmin.Gen7 by Avira, Gen:Variant.Application.Jaik.8223 by BitDefender and Adware ( 004c86ce1 ) by K7GW.

Trend Interactive anti-virus report

Did you also find a file digitally signed by Trend Interactive? What kind of download was it and where did you find it?

Hope this blog post helped you avoid some unwanted software on your machine.

Thanks for reading.

Symbu LLC – 9% Detection Rate – DownloadAdmin / WebInstallBundle

Hello! Was looking for some downloads to play around with and found one, digitally signed by Symbu LLC. The file is named freeallinonemediaplayer-setup.exe. You may see Symbu LLC appear as the publisher when double-clicking on the freeallinonemediaplayer-setup.exe file.

Symbu LLC uac

By examining the certificate, we can see that Symbu LLC is located in San Francisco, US. The certificate is issued by DigiCert SHA2 Assured ID Code Signing CA.

Symbu LLC certificate

9% of the scanners detected the file when uploaded to VirusTotal. The freeallinonemediaplayer-setup.exe file is detected as Trojan.Win32.Atraps.b by ByteHero, Adware:W32/WebInstallBundle by F-Secure, Win32.Application.DownloadAdmin.A by GData and DownloadAdmin (fs) by VIPRE.

Symbu LLC virustotal

Did you also find a Symbu LLC file?

Hope this blog post helped you avoid some unwanted software on your machine.

Thank you for reading.

Broken Spoke Digital – 28% Detection Rate – DownloadAdmin / Downware

Hi there! Just a short post on a publisher called Broken Spoke Digital. You may see Broken Spoke Digital appear as the publisher when double-clicking on the installer_jdownloader_English.exe file.

Broken Spoke Digital uac dialog

Information about a digital signature and the certificate can also be found under the Digital Signatures tab. According to the certificate, Broken Spoke Digital is located in San Francisco, US, and the certificate is issued by Go Daddy Secure Certificate Authority – G2.

Broken Spoke Digital certificate

When I uploaded the Broken Spoke Digital file to VirusTotal, it came up with a 28% detection rate. The file is detected as Riskware.Agent! by Agnitum, PUP/Win32.Downware by AhnLab-V3, Trojan/Win32.TSGeneric by Antiy-AVL, DownloadAdmin (fs) by AVware, Win.Adware.Downloadadmin by ClamAV, W32/S-92ce39bf!Eldorado by F-Prot, PUP.Optional.DownloadAdmin by Malwarebytes and DownloadAdmin (fs) by VIPRE.

Broken Spoke Digital virustotal

Did you also find a Broken Spoke Digital file? Do you remember where you downloaded it?

Thanks for reading.

Sanflex – 33% Detection Rate – WebInstallBundle, DownloadAdmin and Artemis

Hello! Just a quick post on a file named installer_adobe_flash_player_Swedish.exe signed by Sanflex. The following screenshot shows the User Account Control dialog when running the Sanflex file:

Sanflex publisher

By looking at the certificate we can see that Sanflex appears to be located in San Francisco, United States of America.

Sanflex certificate

The problem here is that if installer_adobe_flash_player_Swedish.exe really was a setup file for the official Adobe Flash Player, it would be digitally signed by Adobe Systems Incorporated and not by some unknown company. This looks very suspicious.
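One way to script the check described above, as an added example that is not from the original post: it reads the Authenticode signer with the built-in `Get-AuthenticodeSignature` cmdlet and compares it with the publisher the file name implies. The function name `Test-InstallerPublisher` and the `$ExpectedPublishers` table are hypothetical names chosen for this illustration.

```powershell
# Added example (not from the original post). Compares who signed an installer
# with the publisher its file name implies.
# Assumption: this table is illustrative; extend it with products you install.
$ExpectedPublishers = @{
    'adobe_flash_player' = 'Adobe Systems Incorporated'   # publisher named in the post
}

function Test-InstallerPublisher {
    param([Parameter(Mandatory)][string]$Path)

    $sig      = Get-AuthenticodeSignature -LiteralPath $Path
    $fileName = [IO.Path]::GetFileName($Path).ToLowerInvariant()
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

    # Subject and issuer names, as shown on the Digital Signatures tab.
    $signer = $null
    $issuer = $null
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
        $issuer = $sig.SignerCertificate.GetNameInfo($nameType, $true)
    }

    # Which publisher does the file name claim, if any?
    $expected = $null
    foreach ($key in $ExpectedPublishers.Keys) {
        if ($fileName.Contains($key)) { $expected = $ExpectedPublishers[$key] }
    }

    if ($sig.Status -ne 'Valid')                  { $verdict = 'UnsignedOrInvalidSignature' }
    elseif ($expected -and $signer -ne $expected) { $verdict = 'PublisherMismatch' }
    elseif ($expected)                            { $verdict = 'PublisherMatches' }
    else                                          { $verdict = 'SignedByUnlistedPublisher' }

    [pscustomobject]@{
        File     = $Path
        Status   = $sig.Status
        Signer   = $signer
        Issuer   = $issuer
        Expected = $expected
        Verdict  = $verdict
    }
}

# Check every executable in the current user's Downloads folder.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe |
    ForEach-Object { Test-InstallerPublisher -Path $_.FullName }
```

A `SignedByUnlistedPublisher` result only identifies the signer; the files in these posts carried publisher certificates and were still flagged by scanners.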

If you are considering running the Sanflex-signed file, I’d advise you not to. Delete it instead. Just check out the detection list from some of the anti-virus programs. Big thanks to VirusTotal for the scan result.

Sanflex virustotal

F-Secure detects installer_adobe_flash_player_Swedish.exe as Adware:W32/WebInstallBundle, Fortinet reports Riskware/DownloadAdmin, Malwarebytes classifies it as PUP.Optional.DownloadAdmin and McAfee detects it as Artemis.

Did you also find a Sanflex file? What kind of download was it?

Thanks for reading.