Welcome! If you are a regular here on the FreeFixer blog you know that I’ve been looking on the certificates used to sign files that bundled various types of unwanted software. Today I found another certificate, used by a publisher called Best Standard (Fried Cookie Ltd.).
To get more details on the publisher, you can view the embedded certificate by right-clicking on the file, and looking under the Digital Signatures tab. According to the certificate we can see that Best Standard (Fried Cookie Ltd.) seems to be located in Tel Aviv, Israel and that the certificate is issued by GlobalSign CodeSigning CA – G2.
What caught my attention was that the download was called Skype_Setup.exe. This might look like an official Skype download, but it is not. If it was an official download, it would have been signed by Skype Software Sarl. Here’s how the authentic Skype looks like when you double click on it. Notice that the “Verified publisher” says “Skype Software Sarl”.
When I uploaded the Best Standard (Fried Cookie Ltd.) file to VirusTotal, it came up with a 9% detection rate. The file is detected as Application.Win32.FriedCookie.CIRK by Comodo, a variant of Win32/InstallCore.WX potentially unwanted by ESET-NOD32 and InstallCore (fs) by VIPRE.
Did you also find a file digitally signed by Best Standard (Fried Cookie Ltd.)? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.
Thank you for reading.