Li Mo Publisher – 22% Detection Rate at VirusTotal

Welcome! Lately I’ve been looking on the digital signatures on those files that push various types of unwanted programs. This morning I found a new file called w3i_webssearches.exe, digitally signed by Li Mo.

Li Mo Publisher

You can see who the signer is when double-clicking on an executable file. Li Mo appears in the publisher field in the dialog that pops up. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Li Mo certificate.

Li Mo Certificate

At the moment, 22% of the scanners detected the file. The w3i_webssearches.exe file is detected as Riskware.Agent! by Agnitum, PUP/Win32.SearchHijacker by AhnLab-V3, PUA.Win32.LiMo.bA by Baidu-International, Adware.Mutabaha.80 by DrWeb and Win32.Application.Elex.E by GData.

Li Mo VirusTotal

Did you also find a file digitally signed by Li Mo? What kind of download was it and where did you find it?

Thank you for reading.