Sambamedia LLC – 26% Detection Rate – SoftPulse / Domaiq / Mikey

Hello! Short on time today, but I just wanted to give you the heads up on a publisher called Sambamedia LLC.

Sambamedia LLC publisher

Windows will display Sambamedia LLC as the publisher when running the file. It’s possible to view additional information about the certificate by right-clicking on the file, choosing properties and then clicking on the Digital Signatures tab. According to the certificate we can see that Sambamedia LLC is located in Wilmington, Delaware in US and that the certificate is issued by VeriSign Class 3 Code Signing 2010 CA.

Sambamedia LLC certificate

 

The certification path, which shows VeriSign at the root:

Sambamedia LLC certificate chain

The issue here is that if google_chrome.exe really was a setup file for Google Chrome, it should have been digitally signed by Google Inc. and not by some unknown company. I think this looks suspicious. Here’s how the authentic Google Chrome looks like when you double click on it. Notice that the “Verified publisher” says “Google Inc”.

Chrome Google Inc publisher

The issue with the Sambamedia LLC file is that it is detected by many of the anti-malware progams. Here are some of the detection names: Riskware.Agent!, PUA/SoftPulse.oanu, W32.HfsAdware.7208, Trojan.Domaiq.302, Gen:Variant.Mikey.22953 (B), a variant of Win32/SoftPulse.AJ potentially unwanted and Gen:Variant.Mikey.22953.

Sambamedia LLC ant-virus report

Did you also find a Sambamedia LLC file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thank you for reading.

Leave a Reply

Your email address will not be published.