Tag Archives: Qudamah

Igor Menyalo – 41% Detection Rate – MultiPlug / Qudamah / Kazy

Hi there! Just a note on a publisher called Igor Menyalo. The Igor Menyalo download was detected when I uploaded it to VirusTotal. Did you also find a download by Igor Menyalo? Was it also detected when you uploaded it to VirusTotal?

Igor Menyalo publisher

That’s how it looks when double-clicking on the file and Igor Menyalo appears as the publisher. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Igor Menyalo certificate.

Igor Menyalo certificate


Igor Menyalo appears to be located in Russia.

TR/Crypt.XPACK.Gen, Gen:Variant.Adware.Kazy.611186, W32/S-0625bdde!Eldorado, PUP.Optional.MultiPlug and Trojan.Win32.Qudamah.Gen.0 are some detection names according to VirusTotal:

Igor Menyalo anti-virus report

I decided to run the Igor Menyalo signed file, and it offered three additional programs called PriceMinus, BestAdBlocker and MyPC Backup in the installer.

Did you also find an Igor Menyalo? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thank you for reading.

Rubin Sister – 16% Detection Rate – MultiPlug / Qudamah / Badur

Hello! I was playing around and testing some downloads when I found a file digitally signed by Rubin Sister.

Rubin Sister publisher

If you have a Rubin Sister file on your computer you may have noticed that Rubin Sister pops up as the publisher in the User Account Control dialog when running the file. The certificate is issued by Certum Code Signing CA.

Rubin Sister certificate

A variant of Win32/Adware.MultiPlug.JZ, Riskware/Badur, Trojan.Win32.Qudamah.Gen.7 and suspected of Heur.Malware-Cryptor.Multiplug are some detection names according to VirusTotal:

Rubin Sister anti-virus report

Did you also find a Rubin Sister file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thanks for reading.

TAIMED LLC – 2% Anti-Virus Detection Rate – Trojan.Win32.Qudamah

Hi there! Hope you are having a good Saturday night. Just wanted to give you the heads up on files digitally signed by TAIMED LLC.

TAIMED LLC uac

Windows will display TAIMED LLC as the publisher when running the file. The certificate information can also be viewed from Windows Explorer. According to the certificate we can see that TAIMED LLC appears to be located in Lubertsy, Russia and that the certificate is issued by COMODO Code Signing CA 2.

TAIMED LLC certificate

So, why did I put up this blog post? Well, the thing is that the TAIMED LLC file is detected by a few of the antimalware scanners, according to VirusTotal. Tencent classifies Game_of_Thrones_S04E02_HDTV_x264-2HD[ettv].exe as Trojan.Win32.Qudamah.Gen.3.

TAIMED LLC anti-virus report

In addition to that, if you run the file, it will install the Jelbrus Secure Web adware. I’m sure the other anti-virus programs will detect this in a few days.

Did you also find a file digitally signed by TAIMED LLC? Where did you find it and are the anti-virus programs detecting it? I found it at The Pirate Bay. Please share in the comments below.

Thank you for reading.
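The posts above read the publisher from the User Account Control dialog and the file's properties. The same signer information can be listed for a whole folder from PowerShell; this is an added example, not part of the original posts. The scan folder is an assumption, and the watchlist holds the three publisher names mentioned on this page.

```powershell
# Added example: list Authenticode signers for downloaded binaries and flag
# publishers on a watchlist. A "Valid" status only means the signature checks
# out; the files in the posts above were signed and still detected.
param(
    [string]$Path = "$env:USERPROFILE\Downloads"   # assumed scan location
)

# Publisher names taken from the posts on this page.
$watchlist = @('Igor Menyalo', 'Rubin Sister', 'TAIMED LLC')

function Get-CommonName {
    param([string]$DistinguishedName)
    # Pull the CN= component out of an X.500 subject or issuer string,
    # handling quoted values such as CN="Example, Inc.".
    if ($DistinguishedName -match 'CN=("([^"]+)"|([^,]+))') {
        if ($Matches[2]) { return $Matches[2] } else { return $Matches[3].Trim() }
    }
    return $DistinguishedName
}

Get-ChildItem -Path $Path -File -Recurse -Include *.exe, *.msi, *.dll -ErrorAction SilentlyContinue |
    ForEach-Object {
        # -LiteralPath matters: names like "..._x264-2HD[ettv].exe" contain
        # brackets, which -FilePath / -Path would treat as wildcards.
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate
        $publisher = if ($cert) { Get-CommonName $cert.Subject } else { '' }

        [pscustomobject]@{
            File       = $_.Name
            Status     = $sig.Status      # Valid, NotSigned, HashMismatch, ...
            Publisher  = $publisher
            Issuer     = if ($cert) { Get-CommonName $cert.Issuer } else { '' }
            Thumbprint = if ($cert) { $cert.Thumbprint } else { '' }
            # The hash can be looked up on VirusTotal without uploading the file.
            SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Watchlist  = $watchlist -contains $publisher
        }
    } |
    Sort-Object Watchlist -Descending |
    Format-List
```

Rows with `Watchlist` set to `True` are sorted first; the certificate thumbprint identifies the exact signing certificate even when the publisher name is reused.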