Tag Archives: Spain

DIGITAL PLUGIN S.L.U – 53% Detection Rate – SoftPulse / Mikey / AdPlugin

Hello! Just a short note on a publisher called DIGITAL PLUGIN S.L.U.

DIGITAL PLUGIN S.L.U publisher

You can also view the certificate by right-clicking on the file, and looking under the Digital Signature tab: According to the certificate we can see that DIGITAL PLUGIN S.L.U is located in Santa Cruz, Tenerife in Spain and that the certificate is issued by thawte SHA256 Code Signing CA.

DIGITAL PLUGIN S.L.U certificate

After uploading the DIGITAL PLUGIN S.L.U file – Setup(1).exe – to VirusTotal, it was clear that it’s probably better to delete the file than running it. The detection rate was 53% and some of the detection names were: PUA.SoftPulse!, AdPlugin.FNB, Gen:Variant.Mikey.24388, Trojan.Domaiq.321, PUP.Optional.SoftPulse and HEUR/QVM11.1.Malware.Gen.

DIGITAL PLUGIN S.L.U anti-virus report

 

Did you also find a DIGITAL PLUGIN SLU file?

Thank you for reading.

Volvan Premium SL – 28% Detection Rate

Welcome! Was looking for some downloads to play around with and found one, digitally signed by Volvan Premium SL. The file is named google_chrome.exe.

Volvan Premium SL publisher

To view more information about the embedded certificate you can right-click on the file, then choose Properties and then select the Digital Signatures tab. According to the embedded certificate we can see that Volvan Premium SL is located in Barcelona, Spain and that the certificate is issued by VeriSign Class 3 Code Signing 2010 CA.

Volvan Premium SL certificate

The problem here is that if google_chrome.exe really was a setup file for Google, it would be digitally signed by Google Inc and not by some unknown company. This looks very suspicious.

So, why did I put up this blog post? Well, the thing is that the Volvan Premium SL file is detected by many of the anti-virus scanners, according to VirusTotal. F-Secure classifies google_chrome.exe as Gen:Variant.Application.Bundler, Malwarebytes calls it PUP.Optional.DomaIQ and McAfee calls it SoftPulse.a

Volvan Premium SL virustotal

When I ran the Volvan Premium SL file it offered a bunch of bundled softwares, such as Wajam, HostSecurePlugin, Salus, SpeedChecker and Super Optimizer.

Did you also find a Volvan Premium SL file? Do you remember where you downloaded it?

Thanks for reading.

Digital Plugin S.L Publisher – VirusTotal Detections

Sorry for not posting anything during the days. I’ve been having a few days off visiting friends and family. Before my time off I found another publisher called DIGITAL PLUGIN S.L that bundles some potentially unwanted programs. The file I found was called Player.exe and I could see DIGITAL PLUGIN S.L appear when double-clicking on the file.

Digital Plugin S.L Publisher

 

Update 2015-06-29: Found another download with the publisher name “Digital Plugin SL“.

Viewing the certificate information is also possible by looking under the digital signature tab for the file. Here the certificate says that DIGITAL PLUGIN S.L is located in Tenerife.

Digital Plugin S.L Certificate

Digital Plugin S.L Tenerife

 

And the certificate was issued by GlobalSign.

The reason for posting about DIGITAL PLUGIN S.L is that the file is detected by many of the anti-virus programs. Currently player.exe is detected by 13 of the 52 anti-virus scanners:

Digital Plugin S.L Virus Total detections

Hope you found this post useful.

Did you also find a download signed by DIGITAL PLUGIN S.L? What kind of download was it?

Update 2015-09-12: Today I noticed another download called google_chrome.exe, signed by Digital Plugin SL.

Digital Plugin SL cert again

 

This is another certificate, issued by VeriSign. VirusTotal reports a 19/57 detection ratio.