Hello! Just a note on a publisher called ALEKSEY TIMOFEEV. The ALEKSEY TIMOFEEV download was detected when I uploaded it to VirusTotal. Did you also find a download by ALEKSEY TIMOFEEV? Was it also detected when you uploaded it to VirusTotal?

If you have a ALEKSEY TIMOFEEV file on your computer you may have noticed that ALEKSEY TIMOFEEV pops up as the publisher in the User Account Control dialog when running the file. The certificate is issued by Certum Code Signing CA.

Aleksey appears to be located in Russia.

The scan result from VirusTotal below clearly shows why you should avoid the ALEKSEY TIMOFEEV file. It is detected under names such as a variant of Win32/Adware.MultiPlug.LX, Gen:Variant.Adware.Mplug and Trojan.Win32.Qudamah.Gen.2.

Did you also find a ALEKSEY TIMOFEEV download? What kind of download was it?

Thank you for reading.

Welcome! If you’ve been following me for the last year you know that I’ve been examining many software publishers that put a digital signature on their downloads. Today I found another publisher called ALEKSANDR FEDOROV.

You can see who the signer is when double-clicking on an executable file. ALEKSANDR FEDOROV appears in the publisher field in the dialog that pops up. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the ALEKSANDR FEDOROV certificate. According to that he is located in Russia.

The reason for posting about ALEKSANDR FEDOROV is that the file is detected by many of the anti-virus programs. Fortinet reports Download Uc Browser V Handler Zip.exe as Riskware/Badur, GData detects it as Gen:Variant.Adware.MPlug.42, Malwarebytes detects it as PUP.Optional.Multiplug and Tencent calls it Trojan.Win32.Qudamah.Gen.2.

Since you probably came here after finding a download that was signed by ALEKSANDR FEDOROV, please share what kind of download it was and if it was reported by the anti-viruses at VirusTotal.

Thank you for reading.

Hello readers! Just a short note on a publisher called Artem Leonidov. This is how Artem Leonidov appears when running the file:

The certificate is issued by Certum Code Signing CA. And the publisher is located in Russia:

When I uploaded the file to VirusTotal – as I usually do when I find something that looks suspicious – 18% of the scanners detected the file. The file is detected as a variant of Win32/Adware.MultiPlug.LG by ESET-NOD32, PUP.Optional.Bundle by Malwarebytes, Trojan.Win32.Qudamah.Gen.6 by Tencent and suspected of Heur.Malware-Cryptor.Multiplug by VBA32.

Did you also find a Artem Leonidov file? Do you remember where you downloaded it?

Thank you for reading.

Hello! Lately I’ve been looking on the digital signatures on those files that push various types of unwanted programs. This morning I found a new file called Medal Of Honour PC Game Full version Free Download.exe, digitally signed by VYACHESLAV KULOV.

You can see who the signer is when double-clicking on an executable file. VYACHESLAV KULOV appears in the publisher field in the dialog that pops up and he appears to be located in Russia. The certificate is issued by Certum Code Signing CA.

When I uploaded the VYACHESLAV KULOV file to VirusTotal, it came up with a 30% detection rate. The file is detected as a variant of Win32/Adware.MultiPlug.KU by ESET-NOD32, Gen:Variant.Adware.Mplug by F-Secure, MultiPlug by Sophos and suspected of Heur.Malware-Cryptor.Multiplug by VBA32.

The download bundled a bunch of other software, such as PriceMinus and BestAdBlocker.

Did you also find a VYACHESLAV KULOV file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.