Hi there! Just a quick post this Friday evening. Did you see a file, such as setup.exe, on your system signed by IMALI – N.I. MEDIA TD? Then read on.
You can see who the signer is when double-clicking on an executable file. IMALI – N.I. MEDIA TD appears in the publisher field in the dialog that pops up.
It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the IMALI – N.I. MEDIA TD certificate.
The detection rate is only 1/54, that is 2%. The setup.exe file is detected as suspected of Trojan.Downloader.gen.h by VBA32. What do you think, is it a false positive or should the other anti-virus programs detect it?
Did you also find an IMALI – N.I. MEDIA TD file? Do you remember where you downloaded it?
Thank you for reading.
Update 2015-01-28: Found another file signed by IMALI – N.I. MEDIA TD. It’s called ESy1Avb1ax.exe and it is detected by 7 of the 57 anti-virus programs at VirusTotal:
Update 2015-02-16: Found another file, with a slightly different publisher name: “IMALI – N.I. MEDIA LTD”. The publisher is located in Ramat Gan, Israel according to the certificate. These are the detections (8/57):
- Avira TR/Dldr.Agent.443648
- AVware Trojan.Win32.Generic!BT
- GData Win32.Trojan.Agent.W8AUB8
- Ikarus Trojan-Downloader.Agent
- Qihoo-360 HEUR/QVM10.1.Malware.Gen
- Symantec Infostealer.Limitail
- TrendMicro-HouseCall Suspicious_GEN.F47V0210
- VIPRE Trojan.Win32.Generic!BT
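
The publisher check described above can also be done in bulk from PowerShell. The script below is an added example, not part of the original post: it lists signed files under a folder and keeps those whose signer matches either spelling of the publisher name (TD or LTD). The default scan folder, the file extensions and the regular expression are assumptions.

```powershell
# Added example: find files signed by the publisher discussed in this post.
param(
    # Assumed scan location; pass -Path to check another folder.
    [string]$Path = "$env:USERPROFILE\Downloads"
)

# Matches "IMALI - N.I. MEDIA TD" and "IMALI - N.I. MEDIA LTD",
# whatever dash or spacing the certificate subject uses.
$publisherPattern = 'IMALI\W+N\.I\.\s+MEDIA\s+L?TD'

Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.msi -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate

        # Unsigned files have no signer certificate; skip them.
        if ($null -eq $cert) { return }

        [pscustomobject]@{
            File       = $_.FullName
            # 'Valid' only means the signature verifies, not that the file is safe.
            Status     = $sig.Status
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            # Hash to look up on VirusTotal instead of uploading the file.
            SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Flagged    = $cert.Subject -match $publisherPattern
        }
    } |
    Where-Object { $_.Flagged } |
    Format-List File, Status, Subject, Thumbprint, NotAfter, SHA256
```

No output means no file under the folder carries a signature from this publisher.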