Tag Archives: Certum

Semen Korzuba – VirusTotal: 33% Detection – MultiPlug, Trj/Genetic.gen

Hello! Just a short post before I call it a day. I found yet another file that bundled a bunch of unwanted programs, and the file was signed by Semen Korzuba.

Semen Korzuba warning

Windows will display Semen Korzuba as the publisher when running the file. The certificate is issued by Certum Code Signing CA.

Semen Korzuba cert chain Semen Korzuba certificate

The VirusTotal report shows that the Semen Korzuba file should be avoided, since Download Uc Browser V Handler Zip.exe is detected as TR/Dropper.Gen by Avira, a variant of Win32/Adware.MultiPlug.NU by ESET-NOD32, PUP.Optional.Multiplug by Malwarebytes, Trj/Genetic.gen by Panda and MultiPlug (v) by VIPRE.

Semen Korzuba anti-virus report

Did you also find a file digitally signed by Semen Korzuba? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.

Thanks for reading.

Vladimir Suvorov – 46% Detection – InstalleRex / MPlug / MultiPlug

Hi there! Just a note on a publisher called Vladimir Suvorov. The Vladimir Suvorov download – Download Uc Browser V Handler Zip.exe – was detected when I uploaded it to VirusTotal. Did you also find a download by Vladimir Suvorov? Was it also detected when you uploaded it to VirusTotal?

Here is how Vladimir Suvorov appears in the UAC dialog when double-clicking on the Download Uc Browser V Handler Zip.exe file:

Vladimir  Suvorov publisher

The certificate is issued by Certum Code Signing CA and Mr. Suvorov is located in Poland:

Vladimir  Suvorov certum Vladimir  Suvorov certificate

The problem with the Vladimir Suvorov file is that it is detected by many of the anti-virus programs. Here are some of the detection names: Generic6.BRAN, W32/S-a2e0b166!Eldorado, Gen:Variant.Adware.MPlug, SoftwareBundler:Win32/InstalleRex and MultiPlug (v).

Vladimir Suvorov anti-virus report

Did you also find a Vladimir Suvorov file?

Thank you for reading.

Taras Lapin – 16% Detection Rate According to VirusTotal

Hi there! If you’ve been following me for the last year you know that I’ve been examining many software publishers that put a digital signature on their downloads. Today I found another publisher called Taras Lapin.

Taras Lapin publisher

If you have a Taras Lapin file on your machine you may have noticed that Taras Lapin is displayed as the publisher in the UAC dialog when double-clicking on the file.

Taras Lapin certificate

The certificate is issued by Certum Code Signing CA.

Taras Lapin certum

9 of the scanners detected the file. Some of the detection names for the Download Uc Browser V Handler Zip.exe file are Trojan.Crossrider1.45643, PUA.Multiplug, Multiplug-FAJ and MultiPlug (v).

Taras Lapin anti-virus report

Did you also find a Taras Lapin file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thanks for reading.

MICHAIL SUDAREV – 16% Anti-Virus Detection Rate

Hello readers! Did you just find a file that’s digitally signed by MICHAIL SUDAREV and come here to find out more about it?

MICHAIL SUDAREV publisher

Windows will display MICHAIL SUDAREV as the publisher when running the file. The certificate is issued by Certum Code Signing CA.

MICHAIL SUDAREV SPD CGISOFT ltd. certificate

The cert mentions SPD CGISOFT ltd. Certum Trusted Network CA is the root in the certificate chain:

MICHAIL SUDAREV Certum

So, what do the anti-virus programs say about the MICHAIL SUDAREV file? No problem, I just uploaded the file to VirusTotal and it turned out that some of the anti-virus programs detect the MICHAIL SUDAREV file, with names such as Win32:Evo-gen [Susp], TR/Crypt.XPACK.Gen, SoftwareBundler:Win32/InstalleRex and MultiPlug (v).

MICHAIL SUDAREV anti-virus report

Did you also find a MICHAIL SUDAREV download? What kind of download was it?

Hope this blog post helped you avoid some unwanted software on your machine.

Thank you for reading.

Simon Leshchuk – 39% Detection – MPlug / MultiPlug says VirusTotal

Hello readers! Just a short note on a publisher called Simon Leshchuk.

Simon Leshchuk publisher

It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Simon Leshchuk certificate. Simon is located in Ukraine.

Simon Leshchuk cert

The Certum CA has issued the certificate to Mr. Leshchuk, as you can see in the certification path below:

Simon Leshchuk path

The reason for posting about Simon Leshchuk is that the file is detected by many of the anti-virus programs. Arcabit detects Download.exe as Trojan.Adware.MPlug.65, Avira detects it as TR/Crypt.XPACK.Gen, F-Secure calls it Gen:Variant.Adware.MPlug, K7AntiVirus calls it Unwanted-Program ( 004c5f5e1 ) and Malwarebytes detects it as PUP.Optional.Multiplug.

Simon Leshchuk anti-virus report

Did you also find a Simon Leshchuk file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.
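
The publisher, issuer and certification path shown in the screenshots in these posts can also be read with a script instead of the file properties dialog. The PowerShell below is an added example, not part of the original posts: the function name Get-SignerReport, the variable names and the default Downloads path are assumptions, and the watch list contains only the publisher names mentioned on this page.

```powershell
# Added example: list the Authenticode signer, issuer and chain of every .exe in a folder.
# Watch list = publisher names taken from the posts on this page (nothing else).
$WatchedPublishers = @(
    'Semen Korzuba', 'Vladimir Suvorov', 'Taras Lapin',
    'MICHAIL SUDAREV', 'Simon Leshchuk'
)

function Get-SignerReport {
    # $Path default is an assumption; point it at the folder you want to audit.
    param([string]$Path = "$env:USERPROFILE\Downloads")

    $simple = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

    Get-ChildItem -Path $Path -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
        $cert = $sig.SignerCertificate
        if (-not $cert) { return }   # unsigned file: no publisher to report

        # Publisher (what UAC displays) and the CA that issued the certificate.
        # Whitespace is collapsed so "Vladimir  Suvorov" matches "Vladimir Suvorov".
        $publisher = ($cert.GetNameInfo($simple, $false) -replace '\s+', ' ').Trim()
        $issuer    = $cert.GetNameInfo($simple, $true)

        # Rebuild the certification path (leaf first, root last) without network access.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        [void]$chain.Build($cert)
        $certPath = $chain.ChainElements |
            ForEach-Object { $_.Certificate.GetNameInfo($simple, $false) }

        [pscustomobject]@{
            File      = $file.Name
            Publisher = $publisher
            Issuer    = $issuer
            CertPath  = $certPath -join ' -> '
            # 'Valid' only means the file is intact and the chain is trusted,
            # not that the program is wanted: every file in these posts was signed.
            Status    = $sig.Status
            Watched   = $WatchedPublishers -contains $publisher
            SHA256    = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
        }
    }
}

Get-SignerReport | Sort-Object Watched -Descending | Format-List
```

The SHA256 value can be used to search VirusTotal for an existing report on the file without uploading it.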