Category Archives: digital signature

HARASAN PRAPAPON Digital Signature – WARNING!

I was looking around for some adware to install on my lab machine to test a new cleaning feature that I’m working on for the FreeFixer tool, when I stumbled on a file digitally signed by HARASAN PRAPAPON. I’m writing this post to warn you about the file. Typically the file is named after some popular TV-series or movie.

If you are hesitating with the following UAC prompt saying HARASAN PRAPAPON is the publisher, I strongly suggest you click the No button.

[Image: HARASAN PRAPAPON publisher]

Tip: You can also check a digital signature by right-clicking on a file -> Properties -> Digital Signature.

[Image: HARASAN PRAPAPON digital signature]

So what’s the problem with the HARASAN PRAPAPON signed file? Here are the detection results, which should convince you:

  • Malwarebytes PUP.Optional.OneClickDownloader.A
  • Kingsoft Win32.Troj.Generic.a.(kcloud)

I’m sure the other anti-virus programs will pick up this file sooner rather than later.

Did you also find a file signed by HARASAN PRAPAPON? What are the anti-virus programs calling it? (Hint: upload it to www.virustotal.com)

Anton Lemes Digital Signature – Don’t run that file

Just wanted to give you a heads-up on a suspicious file I found right now. The file is digitally signed by Anton Lemes.

[Image: Anton Lemes digital signature]

So, what’s the problem? Well, many of the anti-virus programs over at VirusTotal detect the Anton Lemes file. TSULoader, Kazy, InstalleRex, AntiFW are some of the detection names:

[Image: Anton Lemes VirusTotal scan result]

So, whatever you do, don’t run the Anton Lemes file. It will install a whole lot of unwanted software on your machine.

Where did you find the file with the Anton Lemes signature?

Sergey Petrov Digital Signature – Don’t Run The File

Recently I’ve been browsing around on some torrent sites to see what software downloads are hiding behind the ads on these sites. One of the names that often shows up in the digital signature field is Sergey Petrov:

[Image: Sergey Petrov digital signature]

You will also see Sergey Petrov listed as the verified publisher in the User Account Control dialog that pops up if you try to run the file:

[Image: Sergey Petrov AppReady]

The Sergey Petrov signed files often use names of known TV-series or movies to trick users into running the file.

The scan result from VirusTotal below clearly shows why you should immediately delete the Sergey Petrov file. It is detected under names such as InstalleRex and Trojan.WebPick. 17 of the 52 anti-virus programs detect the file:

[Image: Sergey Petrov VirusTotal]

Hope this saved you from some unnecessary malware cleaning. In case you’ve already run one of the Sergey Petrov signed files, you can examine your system with FreeFixer to make sure your computer is clean.
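
The Properties -> Digital Signature check from the tip in the first post can also be scripted across a whole folder. The following PowerShell is an added example, not part of the original posts or of FreeFixer; the function name `Get-SignerReport` and the Downloads folder are assumptions, and the watchlist holds only the three publisher names mentioned in these posts.

```powershell
# Added example. Watchlist: the three signer names reported in the posts above.
$FlaggedPublishers = @('HARASAN PRAPAPON', 'Anton Lemes', 'Sergey Petrov')

function Get-SignerReport {
    param(
        # Assumption: the folder to inspect, e.g. the user's Downloads folder.
        [Parameter(Mandatory)] [string] $Folder
    )

    Get-ChildItem -LiteralPath $Folder -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.msi', '.dll' } |
        ForEach-Object {
            # Read the Authenticode signature without executing the file.
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate

            # The "simple name" is the publisher string shown in the UAC prompt.
            $name = if ($cert) {
                $cert.GetNameInfo(
                    [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
                    $false)
            } else { $null }

            [pscustomobject]@{
                File       = $_.FullName
                # 'Valid' only means the file is intact and the chain is trusted;
                # it says nothing about whether the publisher is benign.
                Status     = $sig.Status
                Publisher  = $name
                Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
                # -contains compares strings case-insensitively.
                Flagged    = [bool]($name -and ($FlaggedPublishers -contains $name))
                # The hash can be searched on VirusTotal before running anything.
                SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# List every signed or unsigned installer, flagged publishers first.
Get-SignerReport -Folder "$env:USERPROFILE\Downloads" |
    Sort-Object Flagged -Descending |
    Format-Table Flagged, Status, Publisher, File -AutoSize
```

A file that shows `Status = Valid` together with `Flagged = True` is exactly the case these posts describe: a correctly signed installer from a publisher that anti-virus programs detect.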