Tag Archives: HEUR/Malware.QVM10.Gen

Symbolicom Holdings Limited – 7% Detection Rate at VirusTotal

Just wanted to let you know about a publisher called Symbolicom Holdings Limited before going back to writing some code for FreeFixer. When I uploaded the Symbolicom Holdings Limited file, named adobe_flash_player.exe, to VirusTotal it came up with a 7% detection rate.

Screenshots: Symbolicom Holdings Limited certificate for adobe_flash_player.exe; Symbolicom Holdings Limited publisher in the UAC dialog; Symbolicom Holdings Limited VirusTotal report

Some of the detection names are Trojan.MulDrop5, a variant of Win32/InstallCore and HEUR/Malware.QVM06.Gen.

Although the file name contains “adobe” and “flash” it’s not an official Adobe Flash download. The official Adobe Flash Player should be digitally signed by Adobe Inc.
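The check described above, as an added example that is not part of the original post: a PowerShell function that flags executables whose file name claims Adobe Flash but whose Authenticode signer is not Adobe. The function name `Test-ClaimedPublisher`, the name-to-publisher map and the Downloads folder scan are assumptions made for illustration.

```powershell
# Added example: a valid signature only proves who signed the file, so compare
# the signer against the vendor the file name claims to come from.
# Assumption: this map is illustrative, built from the post's statement that
# the official Flash Player is signed by Adobe Inc.
$ExpectedPublisher = @{
    'adobe|flash' = 'Adobe'
}

function Test-ClaimedPublisher {
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $name = [IO.Path]::GetFileName($Path)

    # Signer common name, e.g. "Symbolicom Holdings Limited"; $null if unsigned.
    $signer = $null
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    }

    foreach ($pattern in $ExpectedPublisher.Keys) {
        if ($name -match $pattern) {           # -match is case-insensitive
            $expected = $ExpectedPublisher[$pattern]
            # Prefix match keeps the example short; a stricter check would pin
            # the vendor's known certificate thumbprints instead.
            $ok = ($sig.Status -eq 'Valid') -and $signer -and ($signer -like "$expected*")
            return [pscustomobject]@{
                File = $name; SignatureStatus = $sig.Status; Signer = $signer
                ExpectedPublisher = $expected; Mismatch = -not $ok
            }
        }
    }
    # The file name makes no claim this map knows about.
    [pscustomobject]@{
        File = $name; SignatureStatus = $sig.Status; Signer = $signer
        ExpectedPublisher = $null; Mismatch = $false
    }
}

# List downloaded executables whose name and signer disagree.
Get-ChildItem "$env:USERPROFILE\Downloads" -Filter *.exe |
    ForEach-Object { Test-ClaimedPublisher -Path $_.FullName } |
    Where-Object Mismatch
```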

Did you also find a Symbolicom Holdings Limited download? What kind of download was it?


Kiril Skiba – 2 of 54 Anti-Virus programs detect the Kiril Skiba file

Hello there, just a quick post on a publisher called Kiril Skiba that I found while running some tests on FreeFixer v1.12. I should have this new version of FreeFixer out this week. The suspicious file is named ldownload.exe and the following screenshot shows the User Account Control dialog when running the Kiril Skiba file.

Kiril Skiba appears as the Verified publisher.

The digital certificate appears to be relatively new. It’s valid from the 11th of Junly, 2014. According to the certificate, Kiril Skiba is located in Ukraine. The certificate is issued by  Certum Code Signing CA.

Kiril Skiba certificate

For the time being, the detection score for the Kiril Skiba file is very low. When I uploaded the file to VirusTotal – as I usually do when I find something that looks suspicious – only Qihoo-360 and VBA32 detected the file. The detection names are HEUR/Malware.QVM10.Gen and suspected of Trojan.Downloader.gen.h. With those two detections, I’d stay away from the file. It will be interesting to see if the other anti-virus programs will add this file in the future.

Kiril Skiba ldownload.exe virus total report

When I tried running the Kiril Skiba file, nothing appeared to happen. I could not see any modification at all on my lab computer. No windows popped up. Nothing.

Did you also find a file digitally signed by Kiril Skiba? Did it pose as something useful?