Hi there! Lately I’ve been looking on the digital signatures on those files that push various types of unwanted programs. This morning I found a new file called Player.exe, digitally signed by COnfirmED APp nLn.
The following screenshot shows the User Account Control dialog when running the COnfirmED APp nLn file:
You can also check the digital signature under the file’s properties. According to the certificate we can see that COnfirmED APp nLn seems to be located in Ireland and that the certificate is issued by thawte SHA256 Code Signing CA.
The problem with the COnfirmED APp nLn file is that it is detected by many of the antivirus progams. Here are some of the detection names: Downloader.LIR, PUA.OutBrowse.A and Adware-OutBrowse.g.
Since you probably came here after finding a file that was signed by COnfirmED APp nLn, please share what kind of download it was and if it was detected by the antivirus scanners at VirusTotal.
Thank you for reading.