LLC “DEKA-SOFT” – 9% Detection Rate – PUA.Bundler.Amonetize / Trojan.Win32.Agent.dxmgor

Hi there! Was looking for some downloads to play around with and found one, digitally signed by LLC “DEKA-SOFT”:LLC DEKA-SOFT warning

You can see who the signer is when double-clicking on an executable file. LLC “DEKA-SOFT” appears in the publisher field in the dialog that pops up. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the LLC “DEKA-SOFT” certificate.

LLC DEKA-SOFT cert

According to the certificate, DEKASOFT is located Ukraine. Comodo has issued the certificated back in July.

The reason I’m writing this blog post is that the LLC DEKA-SOFT file is detected by some of the anti-virus software at VirusTotal. Ikarus reports PUA.Bundler.Amonetize, ESET-NOD32 names the file as a variant of Win32/Amonetize.JT potentially unwanted, NANO-Antivirus calls it Trojan.Win32.Agent.dxmgor and Rising detects it as PE:Malware.RDM.14!5.14[F1].

LLC DEKA-SOFT anti-virus report

Did you also find a LLC “DEKA-SOFT” file? Do you remember where you downloaded it?

Thank you for reading.

9 thoughts on “LLC “DEKA-SOFT” – 9% Detection Rate – PUA.Bundler.Amonetize / Trojan.Win32.Agent.dxmgor

  1. Same detection with Norton on three games from the
    http://www.programas-gratis .net site in spanish.

    All the downloads have almost the same amount of bytes.

    Please check it out and tell me what to do.

    My Norton blocked it but I am not sure if it is so.

    Thanks.

  2. hxxp://direktindirme .com/en/6666/?k=Malwarebytes.Anti.Exploit&s=MjQ0fDQ3MDJ8RlJ8MnwxfGFsbHNvZnR3YXJlZG93bmxvYWQuY29tfFkyRjAqYkdGdVpHbHVaM00

  3. sir; I want to install another program but when I click on the setup file it begin this program and that program do’snot install. so plz guide me how I can solve this problem.

  4. Dear all

    found a .exe file certified by LLC “DEKA-SOFT” on this side

    hxxp://www.ebookpara .com/

    hxxp://bookportable .org/

    I am scared to use it. Pl tell whether it is safe or not?

  5. I tried to play an .mkv file using XVid, and a pop-up appeared saying I didn’t have the right codecs, and to download them HERE at this supposed XVid-sponsored site. I warily clicked, and just as alarms started popping up all over my screen the anti-virus program stopped the installation of LLC DEKA-SOFT. I’m guessing they’re involved with media downloads of some sort

Comments are closed.