
IMALI – N.I. MEDIA TD – Detection Rate: 1/54 – Legit or malware?

Hi there! Just a quick post this Friday evening. Did you see a file, such as setup.exe, on your system signed by IMALI – N.I. MEDIA TD? Then read on.

You can see who the signer is when double-clicking on an executable file. IMALI – N.I. MEDIA TD appears in the publisher field in the dialog that pops up.

IMALI - N.I. MEDIA TD publisher

It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the IMALI – N.I. MEDIA TD certificate.

IMALI - N.I. MEDIA TD certificate
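The same publisher check can be scripted instead of clicking through each file's properties. The following PowerShell is an added example, not part of the original post: it lists Authenticode signers under a folder and keeps the files whose publisher matches the name discussed here, including the "LTD" spelling from the 2015-02-16 update. The `$Path` default and the `$PublisherPattern` regex are assumptions to adjust.

```powershell
# Added example: report files under $Path whose Authenticode signer matches a publisher name.
# $Path and $PublisherPattern are assumptions; point $Path at the folder you want to review.
param(
    [string]$Path = "$env:USERPROFILE\Downloads",
    # Matches "IMALI - N.I. MEDIA TD" and the "LTD" variant, with a hyphen or an en dash.
    [string]$PublisherPattern = 'IMALI\s*[-\u2013]\s*N\.I\.\s*MEDIA\s*L?TD'
)

Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.msi -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate
        if ($null -eq $cert) { return }   # unsigned file: no publisher to compare

        # SimpleName is normally the certificate's CN, the name shown as the publisher.
        $publisher = $cert.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

        [pscustomobject]@{
            File       = $_.FullName
            Publisher  = $publisher
            Subject    = $cert.Subject      # full subject, including locality and country
            Thumbprint = $cert.Thumbprint   # identifies this exact certificate
            NotAfter   = $cert.NotAfter     # certificate expiry date
            Status     = $sig.Status        # Valid, HashMismatch, NotTrusted, ...
            SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Match      = $publisher -match $PublisherPattern
        }
    } |
    Where-Object Match |
    Format-List
```

A `Status` of `Valid` only means the signature is intact and chains to a trusted root; it says nothing about whether the file is harmless. The SHA256 value can be used to look the file up at VirusTotal without uploading it.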

The detection rate is only 1/54, that is 2%. The setup.exe file is detected as suspected of Trojan.Downloader.gen.h by VBA32. What do you think, is it a false positive or should the other anti-virus programs detect it?

IMALI - N.I. MEDIA TD virustotal

Did you also find an IMALI – N.I. MEDIA TD file? Do you remember where you downloaded it?

Thank you for reading.

Update 2015-01-28: Found another file signed by IMALI – N.I. MEDIA TD. It’s called ESy1Avb1ax.exe and it is detected by 7 of the 57 anti-virus programs at VirusTotal:

IMALI - N.I. MEDIA TD virus total detections


Update 2015-02-16: Found another file, with a slightly different publisher name: “IMALI – N.I. MEDIA LTD”. The publisher is located in Ramat Gan, Israel according to the certificate. These are the detections (8/57):

  • Avira TR/Dldr.Agent.443648
  • AVware Trojan.Win32.Generic!BT
  • GData Win32.Trojan.Agent.W8AUB8
  • Ikarus Trojan-Downloader.Agent
  • Qihoo-360 HEUR/QVM10.1.Malware.Gen
  • Symantec Infostealer.Limitail
  • TrendMicro-HouseCall Suspicious_GEN.F47V0210
  • VIPRE Trojan.Win32.Generic!BT

IMALI – N.I. MEDIA LTD anti-virus report - 14% Detection Rate