Hi there! Just a quick Sunday post on a file named flashplayerpro_Setup.exe signed by Liquidbuild that I found while reviewing some files submitted to the FreeFixer database of files. The problem is that flashplayerpro_Setup.exe is not an official Flash Player download. If it was, it should be digitally signed by Adobe Systems Incorporated.
When I uploaded the Liquidbuild file to VirusTotal, it came up with a 28% detection rate. The file is detected as Adware/iBryte.bxow by Avira, Gen:Variant.Kazy.466717 by BitDefender, Gen:Variant.Kazy.466717 by F-Secure and Optimum Installer (fs) by VIPRE. It’s probably better to stay away from this file.
Did you also find a Liquidbuild file?
Thanks for reading.
Welcome! Just a short post on a publisher called Safe Down. I just found a download named Java_Setup.exe that was digitally by this publisher, and it turns out that it is detected by some anti-virus programs.
What caught my attention was that the download was called Java_Setup.exe. This might look like an official Java download, but it is not. If it was an official download, it should be digitally signed by Oracle INC.
22% of the scanners detected the file. ESET-NOD32 reports Java_Setup.exe as a variant of Win32/AdWare.iBryte.BM, Fortinet detects it as W32/Zbot.AAN!tr, Kaspersky calls it Trojan.Win32.Badur.joje, McAfee reports IBryte-FRK and VIPRE names it Optimum Installer (fs).
Did you also find a Safe Down file?
Thank you for reading.
Welcome! Just a note on a publisher called Fileangels. The Fileangels download – setup.exe – was detected when I uploaded it to VirusTotal. Did you also find a download by Fileangels? Was it also detected when you uploaded it to VirusTotal?
This is how Fileangels appears when running the file:
By looking at the certificate we can see that Fileangels appears to be located in Kansas City, USA.
The reason I’m writing this blog post is that the Fileangels file is detected by some of the anti-malware scanners at VirusTotal. AVG detects setup.exe as AdPlugin.BNR, Fortinet detects it as W32/Zbot.AAN!tr, Kaspersky detects it as Trojan.Win32.Badur.jukw, Malwarebytes reports PUP.Optional.OptimunInstaller and McAfee detects it as IBryte-FRT. In addition, the Fileangels download was also promoted as a “Java Update”.
Did you also find a file digitally signed by Fileangels? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.
Thanks for reading.