Monthly Archives: September 2015

LLC FOTO-TSENTR – 7% Detection Rate – QVM10.1.Malware.Gen / Amonetize

Welcome! Just a short post on a publisher called LLC `FOTO-TSENTR `. I just found a download named Moboroboexe__15022_i1619995140_il543480.exe that was digitally by this publisher, and it turns out that it is detected by some anti-virus programs.


You may see LLC `FOTO-TSENTR ` appear as the publisher when double-clicking on the Moboroboexe__15022_i1619995140_il543480.exe file. To view more information about the embedded certificate you can right-click on the file, then choose Properties and then select the Digital Signatures tab. According to the certificate we can see that LLC `FOTO-TSENTR ` seems to be located in Ukraine and that the certificate is issued by COMODO RSA Code Signing CA.


Here’s Comodo in the certificate chain:

LLC FOTO-TSENTR cert chain

The issue with the LLC `FOTO-TSENTR ` file is that it is detected by some of the anti-viruses. Here are some of the detection names: ADWARE/Amonetize.Gen, a variant of Win32/Amonetize.HU potentially unwanted and HEUR/QVM10.1.Malware.Gen.

LLC FOTO-TSENTR anti-virus report

Since you probably came here after finding a file that was digitally signed by LLC `FOTO-TSENTR `, please share what kind of download it was and if it was detected by the anti-malwares at VirusTotal.

Thank you for reading.

Update 2015-09-08: I found another file signed by LLC FOTO-TSENTR. The detection rate has increased to 13/56: