Good evening! Lately I’ve been looking at the digital signatures on those files that push various types of unwanted programs. Right now I found a new file called FlashPlayer__6741_i1387048386_il2537.exe, digitally signed by Shetef Solutions & Consulting (1998) Ltd.
You can also look at the Shetef Solutions & Consulting (1998) Ltd. certificate and digital signature by looking under the Digital Signatures tab on the file’s properties. According to the certificate, Shetef Solutions & Consulting (1998) Ltd. is located in Rannana, Israel. The certificate appears to be relatively new. Its validity began on the 13th of October.
The issue here is that if FlashPlayer__6741_i1387048386_il2537.exe really was an installer file for Flash Player, it should have been digitally signed by Adobe Systems Incorporated and not by some unknown company. This looks suspicious.
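The same publisher check can be scripted with PowerShell's Get-AuthenticodeSignature instead of opening the Digital Signatures tab for each file. This is an added example, not part of the original post; the scan folder, the 90-day "new certificate" threshold and the name-to-publisher table are assumptions.

```powershell
# Added example: flag installers whose file name claims a well-known product
# but whose Authenticode signer is not that product's publisher.
param(
    [string]$Path = "$env:USERPROFILE\Downloads",  # assumed folder to scan
    [int]$NewCertDays = 90                          # assumed "recently issued" threshold
)

# Assumed mapping: file-name pattern -> publisher expected in the signer's CN.
$ExpectedPublisher = @{
    '(?i)flash\s*player' = 'Adobe Systems Incorporated'
}

Get-ChildItem -Path $Path -Filter *.exe -File | ForEach-Object {
    $file = $_
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
    $cert = $sig.SignerCertificate

    # Common name of the signing certificate, or $null for unsigned files.
    $signer = if ($cert) {
        $cert.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
            $false)
    } else { $null }

    foreach ($pattern in $ExpectedPublisher.Keys) {
        if ($file.Name -notmatch $pattern) { continue }

        $expected = $ExpectedPublisher[$pattern]
        $reasons  = @()

        if (-not $cert) {
            $reasons += 'file is unsigned'
        } else {
            if ($signer -ne $expected) {
                $reasons += "signer is '$signer', expected '$expected'"
            }
            if ($sig.Status -ne 'Valid') {
                $reasons += "signature status is $($sig.Status)"
            }
            if ($cert.NotBefore -gt (Get-Date).AddDays(-$NewCertDays)) {
                $reasons += "certificate valid only since $($cert.NotBefore.ToString('yyyy-MM-dd'))"
            }
        }

        if ($reasons) {
            [pscustomobject]@{
                File    = $file.Name
                Signer  = $signer
                Reasons = $reasons -join '; '
            }
        }
    }
}
```

A valid signature only proves who signed the file, so the script reports a mismatch even when the signature status is Valid.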
The VirusTotal report shows that the Shetef Solutions & Consulting (1998) Ltd. file should be avoided, since FlashPlayer__6741_i1387048386_il2537.exe is detected as Adware.Downware.8876 by DrWeb, Gen:Variant.Graftor.161610 by F-Secure and PUP.Optional.Amonetize by Malwarebytes.
Since the download was detected, I decided to give it a try to see what it installed. During my test I could see Wajam, Salus – Net Protector and My Start Search install on my lab machine.
Did you also find a file digitally signed by Shetef Solutions & Consulting (1998) Ltd.? What kind of download was it and where did you find it?
Thanks for reading.