Tag Archives: Adware.Downware

Wilmaonline LTD – VirusTotal and Bundling Report

Found a file this morning, claiming to be a Flash Player setup file. However, the file was not digitally signed by Adobe, which is the publisher of the Flash Player. Instead it was signed by a company called Wilmaonline LTD. which made it look suspicious.

Wilmaonline LTD. publisher

According to the certificate that is embedded in the file, Wilmaonline is a company located in Israel.

Wilmaonline LTD. certificate

So, what does the anti-virus programs say about the Wilmaonline file? No problem, I just uploaded the file to VirusTotal and it turned out that many of the anti-virus programs detects the Wilmaonline file, with names such as Adware.Downware and PUP.Optional.Amonetize.

Wilmaonline LTD  Virus Total Report - PUP.Optional.Amonetize, Adware.Downware

To see more in details what changes the Wilmaonline file would do on a user’s computer I decided to run the file on my lab machine. The following InstallPath installer appeared, where “Flash Player”, Dolphin Deals, Flow Surf, Webssearches and OffersWizard selected for installation by default. This is probably the reason why the anti-virus programs detects the Wilmaonline file, in addition to using Adobe’s Flash trademark.

Wilmaonline LTD. - installer for Flash Player, Dolphin Deals, Flow Surf, Webssearches, OffersWizard

Did you also find a file digitally signed by Wilma Online? What kind of download was it and where did you find it?

Update 13 Sep 2014: Thought I should follow up on this one. The Wilmaonline signed files are still being distributed. They are promoted as Flash Players, chess games, Ask.FM trackers, keygens, cracks, etc. The installer file includes lots of bundled programs, but for unknown reasons, nothing is installed when I click through the installer. Did you also see this behaviour, or did it install the bundled programs on your machine? The anti-virus programs have improved their detection rates somewhat for the WilmaOnline files:

  • 18/54 – FlashPlayersetup__2570_i1300328638_il1783.exe
  • 15/52 – Chess Titans setup__6670_il4710.exe
  • 15/55 – Ask Fm Tracker 2014 Downloader__3687_i1301881522_il2700510.exe
  • 14/55 – Keygen Installer__9167_il260.exe

Artur Kozak Publisher – Digital Signature Warning!

Lately I’ve been looking on the digital signatures on those files that push various types of unwanted programs. This morning I found a new file in the FreeFixer database called digital-photo-2013-11-nov.pdf.exe, digitally signed by Artur Kozak.

You can see who the signer is when double-clicking on an executable file. Artur Kozak appears in the publisher field in the dialog that pops up. You can also see the Artur Kozak certificate under the digital signature tab.

So, why am I warning you about the Artur Kozak file? Check out what the anti-virus programs report about the file:


TSULoader, InstalleRex, Win32.Adload and Adware.Downware are some of the detection names reported by the anti-virus scanners.

Hope this helped you avoid getting some unwanted programs on your machine.

Where did you find the Artur Kozak file? What was the file called?

Boris Burkin Publisher – WARNING

Just a short post before I call it a day. I found yet another file that bundled a bunch of unwanted programs, and the file was signed by Boris Burkin. Typically you’d see the Boris Burkin publisher name appear when double-clicking on the file:

Boris Burkin Publisher

You will also see Boris Burkin appear if you check the file’s digital signature.

Boris Burkin Digital Certificate

Boris Burkin, kyiv, kyivska

If you are considering to run the Boris Burkin signed file, I’ll advice you not to. Delete it instead. Just check out detection list by some of the anti-virus program:


The anti-virus program calls the file Trojan.AntiFW, InstalleRex, Adware.Downware, Win32.InfoLeak, Downloader.AdLoad, etc.

Did you also find a file digitally signed by Boris Burkin? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.