Just wanted to let you know about a publisher called Symbolicom Holdings Limited before going back to writing some code for FreeFixer. When I uploaded the Symbolicom Holdings Limited file, named adobe_flash_player.exe, to VirusTotal it came up with a 7% detection rate.
Some of the detection names are Trojan.MulDrop5, a variant of Win32/InstallCore and HEUR/Malware.QVM06.Gen.
Although the file name contains “adobe” and “flash” it’s not an official Adobe Flash download. The official Adobe Flash Player should be digitally signed by Adobe Inc.
Did you also find a Symbolicom Holdings Limited download? What kind of download was it?
Hello there, just a quick post on a publisher called Kiril Skiba that I found while running some tests on FreeFixer v1.12. I should have this new version of FreeFixer out this week. The suspicious file is named ldownload.exe and the following screenshot shows the User Account Control dialog when running the Kiril Skiba file.
The digital certificate appears to be relatively new. It’s valid from the 11th of Junly, 2014. According to the certificate, Kiril Skiba is located in Ukraine. The certificate is issued by Certum Code Signing CA.
At the time being, the detection score for the Kiril Skiba file is very low. When I uploaded the file to VirusTotal – as I usually do when I find something that looks suspicious – only QIhoo-360 and VBA32 detected the file. The detection names are HEUR/Malware.QVM10.Gen and suspected of Trojan.Downloader.gen.h. With those two detections, I’d stay away from the file. It will be interesting to see if the other anti-virus programs will add this file it in the future.
When I tested to run the Kiril Skiba file, nothing appeared to happen. I could not see any modification at all on my lab computer. No windows popped up. Nothing.
Did you also find a file digitally signed by Kiril Skiba? Did it pose as something useful?