MicroNames Ltd. - 70% Detection Rate *

Did you just stumble upon a download or a file on your computer that has been digitally signed by MicroNames Ltd.? Some security products refer to the detected files as Gen:Variant.Razy.91473 and Gen:Variant.Razy.38327. The detection rate for the MicroNames Ltd. files collected here is 70%. Please read on for more details.

You will probably notice MicroNames Ltd. when running the file. The publisher name is displayed as the "Verified publisher" in the UAC dialog as the screencap shows:

Screenshot where MicroNames Ltd. appears as the verified publisher in the UAC dialog

You can view the additional details from the MicroNames Ltd. digital signature with the following steps:

  1. Open up Windows Explorer and locate the MicroNames Ltd. file
  2. Right-click the file and select Properties
  3. Click the Digital Signatures tab
  4. Click on the View Certificate button

Here's a screencap of a file digitally signed by MicroNames Ltd.:

Screenshot of the MicroNames Ltd. certificate

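As you can see in the screenshot above, Windows reports that "This digital signature is OK". This means that the file has been published by MicroNames Ltd. and that it has not been tampered with since it was signed. A valid signature identifies the signer and confirms integrity; it says nothing about whether the file is wanted, which is what the detection results further down address.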

If you click the View Certificate button shown in the screenshot above, you can see all the details of the certificate, such as when it was issued, who issued the certificate, how long it is valid, and so on. You can also examine the address for MicroNames Ltd., such as the street name, city and country.

Thawte Code Signing CA - G2 has issued the MicroNames Ltd. certificates. You can also view the details of the issuer by clicking the View Certificate button shown in the screenshot above.
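
The certificate details described above can also be read from PowerShell, which helps when checking many files at once. This is an added example, not part of the original page; the function name Find-FilesSignedBy, its parameters and the default folder are assumptions made for illustration.

```powershell
# Added example: list files whose Authenticode signer matches a publisher name.
# Find-FilesSignedBy and its parameter names are hypothetical, chosen for this example.
function Find-FilesSignedBy {
    param(
        [Parameter(Mandatory)] [string] $Publisher,        # e.g. 'MicroNames Ltd.'
        [string]   $Path    = "$env:USERPROFILE\Downloads", # assumed folder to scan
        [string[]] $Include = @('*.exe', '*.dll', '*.msi')
    )

    $simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $ignoreCase = [System.StringComparison]::OrdinalIgnoreCase

    Get-ChildItem -Path $Path -Recurse -File -Include $Include -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate
            if ($null -eq $cert) { return }                 # unsigned file: nothing to compare

            # Compare against the simple name of the certificate subject (normally the CN).
            $signer = $cert.GetNameInfo($simpleName, $false)
            if ($signer.IndexOf($Publisher, $ignoreCase) -lt 0) { return }

            [pscustomobject]@{
                File        = $sig.Path
                Status      = $sig.Status                   # Valid, HashMismatch, NotTrusted, ...
                Publisher   = $signer
                Issuer      = $cert.GetNameInfo($simpleName, $true)
                Serial      = $cert.SerialNumber
                Thumbprint  = $cert.Thumbprint
                ValidFrom   = $cert.NotBefore
                ValidTo     = $cert.NotAfter
                Timestamped = [bool]$sig.TimeStamperCertificate
            }
        }
}

# Report every matching file with the same fields the View Certificate dialog shows.
Find-FilesSignedBy -Publisher 'MicroNames Ltd.' | Format-List
```

A Status of Valid here corresponds to "This digital signature is OK" in the Properties dialog; any other status means the signature could not be verified for that file.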

MicroNames Ltd. Files

The following are the MicroNames Ltd. files I've collected, thanks to the FreeFixer users.

Detection Ratio   File Name
42/57             conv.exe
40/56             MicroProCon.exe
37/57             DeleteSetup.exe
41/57             guardsupport.exe

Scanner and Detection Names

Here are the detection names for the MicroNames Ltd. files. I've grouped the detection names by scanner engine. Thanks to VirusTotal for the scan results.

Scanner               Detection Names
AVG                   Generic5.AJSJ, MicroNames Ltd.481
AVware                Trojan.Win32.Generic!BT, Hebogo
Ad-Aware              Gen:Variant.Adware.Kazy.303185, Gen:Variant.Adware.Zusy.164797, Gen:Variant.Razy.38327, Gen:Variant.Razy.91473
AegisLab              AdWare.W32.Agent.lpCH, Adware.W32.Hebogo|2|103!c
Agnitum               PUA.Hebogo!
AhnLab-V3             PUP/Win32.GuardConvert, PUP/Win32.MicroLab, Win-PUP/Guardconvert.778112
Antiy-AVL             GrayWare[AdWare]/Win32.Hebogo.qj, GrayWare[AdWare:not-a-virus]/Win32.Hebogo, GrayWare[AdWare]/Win32.Hebogo.aci
Arcabit               Trojan.Adware.Kazy.D4A051, Trojan.Razy.D95B7, Trojan.Razy.D16551
Avast                 Win32:Adware-ADL [PUP], Win32:Adware-ADK [PUP]
Avira                 SPR/Tool.146904.2, ADWARE/Hebogo.110056.17, ADWARE/Hebogo.735064, TR/Samca.3282313
Baidu                 Win32.Trojan.WisdomEyes.151026.9950.9987
Baidu-International   Adware.Win32.Hebogo.cc, Adware.Win32.Hebogo.A
BitDefender           Gen:Variant.Adware.Kazy.303185, Gen:Variant.Adware.Zusy.164797, Gen:Variant.Razy.38327, Gen:Variant.Razy.91473
Bkav                  W32.HfsAdware.31C8
CAT-QuickHeal         PUA.Micronames.Gen
Comodo                ApplicUnwnt.Win32.AdWare.Hebogo.STA, ApplicUnwnt
Cyren                 W32/Hebogo.B.gen!Eldorado, W32/Hebogo.C.gen!Eldorado, W32/Hebogo.A.gen!Eldorado
DrWeb                 Adware.Hebogo.4, Adware.Hebogo.3, Trojan.MulDrop5.8233
ESET-NOD32            a variant of Win32/Adware.Hebogo.A, a variant of Win32/Adware.Hebogo, Win32/Adware.Hebogo.D
Emsisoft              Gen:Variant.Adware.Kazy.303185 (B), Gen:Variant.Adware.Zusy.164797 (B), Gen:Variant.Razy.38327 (B), Gen:Variant.Razy.91473 (B)
F-Prot                W32/Hebogo.B.gen!Eldorado, W32/Hebogo.C.gen!Eldorado, W32/Hebogo.A.gen!Eldorado
F-Secure              Gen:Variant.Adware.Kazy, Gen:Variant.Razy.38327, Gen:Variant.Razy.91473
Fortinet              Adware/Hebogo, W32/Hebogo, Riskware/Hebogo
GData                 Gen:Variant.Adware.Kazy.303185, Gen:Variant.Adware.Zusy.164797, Gen:Variant.Razy.38327, Gen:Variant.Razy.91473
Ikarus                AdWare.Win32.Hebogo, PUA.Hebogo
Invincea              virus.win32.sality.at
Jiangmin              AdWare/Hebogo.es, AdWare/Hebogo.xm
K7AntiVirus           Adware ( 004a0ebe1 ), Adware ( 004b77c31 )
K7GW                  Adware ( 004a0ebe1 ), Adware ( 004b77c31 )
Kaspersky             not-a-virus:AdWare.Win32.Hebogo.qj, not-a-virus:AdWare.Win32.Hebogo.vji, not-a-virus:AdWare.Win32.Hebogo.aci
Malwarebytes          Adware.Hebogo
McAfee                Artemis!50F5A52A5921, Artemis!D2351FBF9C94, Artemis!FBAF9545522D, Artemis!327920D0A308
McAfee-GW-Edition     BehavesLike.Win32.PWSZbot.cm, Artemis!PUP
MicroWorld-eScan      Gen:Variant.Adware.Kazy.303185, Gen:Variant.Adware.Zusy.164797, Gen:Variant.Razy.38327, Gen:Variant.Razy.91473
Microsoft             Adware:Win32/Hebogo
NANO-Antivirus        Riskware.Win32.Hebogo.dwtfse, Riskware.Win32.Hebogo.dvtotq
Panda                 Trj/Genetic.gen, Generic Suspicious
Qihoo-360             HEUR/QVM03.0.Malware.Gen
Rising                Malware.Undefined!8.C-CKjmWRbQTwD (cloud)
SUPERAntiSpyware      PUP.Hebogo/Variant
Sophos                Generic PUA GI (PUA), Hebogo Adware (PUA), Generic PUA PN (PUA), Generic PUA GJ (PUA)
Symantec              SecurityRisk.Downldr, Trojan.Gen.2, Heur.AdvML.C
Tencent               Win32.Adware.Hebogo.Wofl, Win32.Adware.Hebogo.Ligv
TotalDefense          Heur/TrojanHorse.ZCLW!suspicious
TrendMicro            TROJ_GEN.R0EBC0EJR15, TROJ_GEN.R00XC0VI815, TROJ_GEN.R047C0EDR16, TROJ_GEN.R0CBC0UHT16
TrendMicro-HouseCall  TROJ_GEN.R0CBC0UHT16
VBA32                 AdWare.Hebogo, TScope.Trojan.VB
VIPRE                 Trojan.Win32.Generic!BT, Hebogo
ViRobot               Adware.Agent.146904.O[h], Adware.Agent.110056.N[h], Adware.Hebogo.735064[h], Adware.Hebogo.778112[h]
Yandex                Adware.Hebogo!p+Jr/K2bCIY
Zillya                Adware.DownloadWareCRT.Win32.896, Adware.HebogoCRTD.Win32.1786

* How the Detection Percentage is Calculated

The detection percentage is based on the 227 scan results I have collected for the MicroNames Ltd. files. 160 of these scan reports came up with some sort of detection. You can review the full details of the scan reports by examining the files listed above.

Analysis Details

The analysis is based on certificates with the following serial numbers:
