Welcome! Just wanted to give you heads-up on suspicious file I found right now. The file is digitally signed by LLC “TRUKONF SOFT”.

This is how it looks when double-clicking on the file and LLC “TRUKONF SOFT” appears as the publisher. Viewing the certificate information is also possible by looking under the digital signature tab for the file. Here the certificate says that LLC “TRUKONF SOFT” is located in Ukraine.

The reason I’m writing this blog post is that the LLC “TRUKONF SOFT” file is detected by many of the antimalware progams at VirusTotal. VBA32 names it SScope.Trojan.Zbot.gen, Baidu-International detects the file as PUA.Win32.Amonetize.LI, Kaspersky calls it not-a-virus:Downloader.Win32.AdLoad.rppk, Sophos calls it Generic PUA JA (PUA), Panda reports PUP/Multitoolbar and Malwarebytes detects it as PUP.Optional.Amonetize.

Did you also find a LLC “TRUKONF SOFT” file?

Thank you for reading.