Just wanted to give you the heads up on files digitally signed by OOO “Finans Servis”.

The OOO “Finans Servis” certificate shows that the publisher is located in Moscow in Russia.

The problem here is that the OOO Finans Servis was promoted as an update for Adobe’s Flash Player. If adobe_flash_setup.exe really was a setup file for Adobe Flash Player, it should be digitally signed by Adobe Systems Incorporated and not by some unknown company located in Moscow.

9% of the anti-malware scanners detected the file. PUP.Optional.InstallCore and BehavesLike.Win32.CryptInno.bc were two of the detection names. I think we will see the other anti-virus programs add this one to the detection list soon.

Since you probably came here after finding a file that was digitally signed by OOO Finans Servis, please share what kind of download it was and if it was detected by the anti-malwares at VirusTotal.

Thanks for reading.

Hello readers! Just found yet another interesting file, this time signed by STMSetup. The following screenshot shows the User Account Control dialog when running the STMSetup file:

You can also view the certificate by right-clicking on the file, and looking under the Digital Signature tab: According to the embedded certificate we can see that STMSetup appears to be located in Tel-Aviv in Israel and that the certificate is issued by COMODO Code Signing CA 2.

What caught my attention was that the download was called Skype_Setup.exe. This might look like an official Skype download, but it is not. If it was an official download, it would be digitally signed by Skype Software Sarl. Here’s how the official Skype signature looks like:

So, what does VirusTotal say about Skype_Setup.exe? BehavesLike.Win32.CryptInno.bc, Install Core Click run software and InstallCore (fs) are some detection names:

Did you also find a STMSetup file?

Thanks for reading.