Tag Archives: San Fransisco

TEA TIME BISCUITS – 21% Detection Rate – DownloadAdmin / Jaik

Welcome! Just wanted to give you the heads up on a file called “additionaloffers-setup[1].exe” that’s digitally signed by TEA TIME BISCUITS.

TEA TIME BISCUITS certificate

 

I found this file on my lab machine after trying out a download from CNet’s Download.com site.

You can view the certificate shown above by right-clicking on the file, choosing Properties and then clicking on the Digital Signatures tab. According to the embedded certificate we can see that TEA TIME BISCUITS seems to be located in San Fransisco, California, US and that the certificate is issued by VeriSign Class 3 Code Signing 2010 CA.

So, what's the issue with the TEA TIME BISCUITS file? Just check out the detection list from some of the anti-virus programs:

F-Secure reports additionaloffers-setup[1].exe as Gen:Variant.Application.Jaik, GData detects it as Gen:Variant.Application.Jaik.8223 and Malwarebytes calls it PUP.Optional.DownloadAdmin.

TEA TIME BISCUITS anti-virus report

Did you also find a TEA TIME BISCUITS file? Do you remember where you downloaded it?

Thank you for reading.

TRUSTED INSTALL SOFTWARE – Generic.AA1 or False Positive?

Hi there! Just a quick post on a file named finaltorrent-setup.exe digitally signed by TRUSTED INSTALL SOFTWARE.

TRUSTED INSTALL SOFTWARE publisher

Typically you’d see the TRUSTED INSTALL SOFTWARE publisher name appear when double-clicking on the finaltorrent-setup.exe file. It’s possible to view additional information about the certificate by right-clicking on the file, choosing Properties and then clicking on the Digital Signatures tab. According to the certificate we can see that TRUSTED INSTALL SOFTWARE is located in San Fransisco in the US and that the certificate is issued by VeriSign Class 3 Code Signing 2010 CA.

TRUSTED INSTALL SOFTWARE cert

So, what’s the problem here? Well, AVG detects this as Generic.AA1. All the other anti-virus programs over at VirusTotal did not detect the file. Could AVG’s detection be a false positive? What do you think?

TRUSTED INSTALL SOFTWARE virustotal

Did you also find a file signed by the same publisher? Do the scanners at VirusTotal detect it?

Thanks for reading.

SAFE INSTALL SOFTWARE – 18% Detection Rate At VirusTotal

Hello readers! Lately I’ve been looking at the digital signatures on files that push various types of unwanted programs. This morning I found a new file called finaltorrent-setup.exe, digitally signed by SAFE INSTALL SOFTWARE.

SAFE INSTALL SOFTWARE publisher

This is how it looks when double-clicking on the file and SAFE INSTALL SOFTWARE appears as the publisher. Information about the digital signature and the certificate can also be found under the Digital Signatures tab. According to the certificate we can see that SAFE INSTALL SOFTWARE is located in San Fransisco in the US and that the certificate is issued by VeriSign Class 3 Code Signing 2010 CA.

SAFE INSTALL SOFTWARE certificate

These are the current VirusTotal detections for the file. DownloadAdmin (fs), Trojan.Win32.Atraps.b, Trojan.Graftor and DownloadAdmin (fs) are a few of the detection names for the finaltorrent-setup.exe file.

SAFE INSTALL SOFTWARE virus total report

Did you also find a file digitally signed by SAFE INSTALL SOFTWARE? What kind of download was it and where did you find it?

Thank you for reading.
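The three posts above read the publisher, locality and issuer from the Digital Signatures tab one file at a time. The PowerShell script below is an added example, not part of the original posts: it pulls the same fields for every executable in a folder and lists cases where different publisher names share one issuer and locality. The default folder and the `Get-DnField` helper are assumptions made for the example.

```powershell
# Added example: the fields from the Digital Signatures tab, for a whole folder.
# The default $Path is an assumption; point it at the folder you want to inspect.
param([string]$Path = "$env:USERPROFILE\Downloads")

# Hypothetical helper: pull one field (O, L, C, CN) out of a distinguished name.
function Get-DnField {
    param([string]$DistinguishedName, [string]$Field)
    # Value is either quoted ("Foo, Inc.") or runs up to the next comma
    if ($DistinguishedName -match "(?:^|,\s*)$Field=(?:""([^""]*)""|([^,]*))") {
        if ($Matches[1]) { return $Matches[1] } else { return $Matches[2].Trim() }
    }
    return $null
}

$rows = Get-ChildItem -Path $Path -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        # -LiteralPath matters: names like "additionaloffers-setup[1].exe"
        # contain [ ] which -FilePath / -Path would treat as wildcards.
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate
        if (-not $cert) { return }   # unsigned file, nothing to report
        [pscustomobject]@{
            File       = $_.Name
            Status     = $sig.Status
            Publisher  = Get-DnField $cert.Subject 'O'
            Locality   = Get-DnField $cert.Subject 'L'
            Country    = Get-DnField $cert.Subject 'C'
            Issuer     = Get-DnField $cert.Issuer 'CN'
            Thumbprint = $cert.Thumbprint
            # File hash, usable for looking the file up on VirusTotal
            SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

# Per-file view of what the Digital Signatures tab shows
$rows | Format-Table File, Status, Publisher, Locality, Issuer -AutoSize

# Several publisher names behind the same issuer and locality
$rows | Group-Object Issuer, Locality |
    Where-Object { ($_.Group.Publisher | Sort-Object -Unique).Count -gt 1 } |
    ForEach-Object {
        [pscustomobject]@{
            IssuerAndLocality = $_.Name
            Publishers        = ($_.Group.Publisher | Sort-Object -Unique) -join '; '
        }
    } | Format-List
```

A `Status` of `Valid` only says the signature verifies against a trusted chain; as the detections quoted in these posts show, it says nothing about whether the signed program is wanted.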