Tag Archives: Donetsk

LLC “TRUKONF SOFT” – 33% Detection Rate – AdLoad / PUP.Optional.Amonetize

Welcome! Just wanted to give you heads-up on suspicious file I found right now. The file is¬†digitally signed by LLC “TRUKONF SOFT”.

LLC TRUKONF SOFT publisher

This is how it looks when double-clicking on the file and LLC “TRUKONF SOFT” appears as the publisher. Viewing the certificate information is also possible by looking under the digital signature tab for the file. Here the certificate says that LLC “TRUKONF SOFT” is located in Ukraine.

LLC TRUKONF SOFT certificate

The reason I’m writing this blog post is that the LLC “TRUKONF SOFT” file is detected by many of the antimalware progams at VirusTotal. VBA32 names it SScope.Trojan.Zbot.gen, Baidu-International detects the file¬†as PUA.Win32.Amonetize.LI, Kaspersky calls it not-a-virus:Downloader.Win32.AdLoad.rppk, Sophos calls it Generic PUA JA (PUA), Panda reports PUP/Multitoolbar and Malwarebytes detects it as PUP.Optional.Amonetize.

LLC TRUKONF SOFT anti-virus report

Did you also find a LLC “TRUKONF SOFT” file?

Thank you for reading.