Tag Archives: Russia

YURIY DRACHEV – VirusTotal Detects The Download as “MultiPlug”

Welcome! Just a quick post today. Did you just find a file signed by YURIY DRACHEV? Then read on.

YURIY DRACHEV publisher

Windows will display YURIY DRACHEV as the publisher when running the file. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the YURIY DRACHEV certificate. According to the cert, Yuriy is located in Russia.

YURIY DRACHEV certificate

If you are considering running the YURIY DRACHEV signed file, I’ll advise you not to. This is yet another variant of the unwanted MultiPlug software.

Thanks for reading.

VIKTOR AGRAPOVICH – 35% Detection – MPlug / MultiPlug

Hi there! Just a short post before I call it a day. I found yet another file that bundled a bunch of unwanted programs, and the file was signed by VIKTOR AGRAPOVICH.

VIKTOR AGRAPOVICH publisher

Typically you’d see the VIKTOR AGRAPOVICH publisher name appear when double-clicking on the file. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the VIKTOR AGRAPOVICH certificate. Viktor seems to be located in Russia.

VIKTOR AGRAPOVICH cert

The scan result from VirusTotal below clearly shows why you should avoid the VIKTOR AGRAPOVICH file. It is detected under names such as Generic6.AYBD, Gen:Variant.Adware.Mplug, Trojan ( 0040fa761 ), PUP.Optional.MultiPlug and MultiPlug-FXN.

VIKTOR AGRAPOVICH virus total

Did you also find a VIKTOR AGRAPOVICH file?

Thank you for reading.

ALEKSEY TIMOFEEV – 32% Detection Rate

Hello! Just a note on a publisher called ALEKSEY TIMOFEEV. The ALEKSEY TIMOFEEV download was detected when I uploaded it to VirusTotal. Did you also find a download by ALEKSEY TIMOFEEV? Was it also detected when you uploaded it to VirusTotal?

ALEKSEY TIMOFEEV publisher

If you have an ALEKSEY TIMOFEEV file on your computer you may have noticed that ALEKSEY TIMOFEEV pops up as the publisher in the User Account Control dialog when running the file. The certificate is issued by Certum Code Signing CA.

ALEKSEY TIMOFEEV certificate

Aleksey appears to be located in Russia.

The scan result from VirusTotal below clearly shows why you should avoid the ALEKSEY TIMOFEEV file. It is detected under names such as a variant of Win32/Adware.MultiPlug.LX, Gen:Variant.Adware.Mplug and Trojan.Win32.Qudamah.Gen.2.

ALEKSEY TIMOFEEV anti-virus report

Did you also find an ALEKSEY TIMOFEEV download? What kind of download was it?

Thank you for reading.

SERGEY STAROSTIN – 12% Detection Rate – MultiPlug

Hello readers! Did you just find a file that’s digitally signed by SERGEY STAROSTIN and came here to find more about it?

SERGEY STAROSTIN publisher

You can see who the signer is when double-clicking on an executable file. SERGEY STAROSTIN appears in the publisher field in the dialog that pops up. The certificate is issued by Certum Code Signing CA. Sergey is located in Russia.

SERGEY STAROSTIN certificate

So, why am I writing about the SERGEY STAROSTIN file? Check out what the anti-malware scanners report about the file:

SERGEY STAROSTIN virus total

are a few of the detection names for Medal Of Honour PC Game Full version Free Download.exe.

Did you also find a SERGEY STAROSTIN file? Do you remember where you downloaded it?

Thank you for reading.

SERGEY SEMENOV – 14% Detection Rate

Welcome! Just a quick post on a publisher called SERGEY SEMENOV.

SERGEY SEMENOV publisher

It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the SERGEY SEMENOV certificate. Sergey appears to be located in Russia.

SERGEY SEMENOV cert

Fortinet detects the file as Riskware/Badur, Tencent classifies it as Trojan.Win32.Qudamah.Gen.2 and VBA32 detects it as suspected of Heur.Malware-Cryptor.Multiplug.

SERGEY SEMENOV anti virus report

Did you also find a SERGEY SEMENOV file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thank you for reading.

ALEKSANDR FEDOROV – 28% Detection Rate

Welcome! If you’ve been following me for the last year you know that I’ve been examining many software publishers that put a digital signature on their downloads. Today I found another publisher called ALEKSANDR FEDOROV.

ALEKSANDR FEDOROV publisher

You can see who the signer is when double-clicking on an executable file. ALEKSANDR FEDOROV appears in the publisher field in the dialog that pops up. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the ALEKSANDR FEDOROV certificate. According to that, he is located in Russia.

ALEKSANDR FEDOROV certificate

The reason for posting about ALEKSANDR FEDOROV is that the file is detected by many of the anti-virus programs. Fortinet reports Download Uc Browser V Handler Zip.exe as Riskware/Badur, GData detects it as Gen:Variant.Adware.MPlug.42, Malwarebytes detects it as PUP.Optional.Multiplug and Tencent calls it Trojan.Win32.Qudamah.Gen.2.

ALEKSANDR FEDOROV

Since you probably came here after finding a download that was signed by ALEKSANDR FEDOROV, please share what kind of download it was and if it was reported by the anti-viruses at VirusTotal.

Thank you for reading.

Artem Leonidov – 18% Detection Rate – MultiPlug

Hello readers! Just a short note on a publisher called Artem Leonidov. This is how Artem Leonidov appears when running the file:

Artem Leonidov publisher

The certificate is issued by Certum Code Signing CA. And the publisher is located in Russia:

Artem Leonidov certificate

When I uploaded the file to VirusTotal – as I usually do when I find something that looks suspicious – 18% of the scanners detected the file. The file is detected as a variant of Win32/Adware.MultiPlug.LG by ESET-NOD32, PUP.Optional.Bundle by Malwarebytes, Trojan.Win32.Qudamah.Gen.6 by Tencent and suspected of Heur.Malware-Cryptor.Multiplug by VBA32.

Artem Leonidov virus total report

Did you also find an Artem Leonidov file? Do you remember where you downloaded it?

Thank you for reading.

VYACHESLAV KULOV – 30% Detection Rate at VirusTotal

Hello! Lately I’ve been looking at the digital signatures on those files that push various types of unwanted programs. This morning I found a new file called Medal Of Honour PC Game Full version Free Download.exe, digitally signed by VYACHESLAV KULOV.

VYACHESLAV KULOV publisher

You can see who the signer is when double-clicking on an executable file. VYACHESLAV KULOV appears in the publisher field in the dialog that pops up and he appears to be located in Russia. The certificate is issued by Certum Code Signing CA.

VYACHESLAV KULOV certificate

When I uploaded the VYACHESLAV KULOV file to VirusTotal, it came up with a 30% detection rate. The file is detected as a variant of Win32/Adware.MultiPlug.KU by ESET-NOD32, Gen:Variant.Adware.Mplug by F-Secure, MultiPlug by Sophos and suspected of Heur.Malware-Cryptor.Multiplug by VBA32.

VYACHESLAV KULOV anti-virus report

The download bundled a bunch of other software, such as PriceMinus and BestAdBlocker.

Did you also find a VYACHESLAV KULOV file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.

Igor Menyalo – 41% Detection Rate – MultiPlug / Qudamah / Kazy

Hi there! Just a note on a publisher called Igor Menyalo. The Igor Menyalo download was detected when I uploaded it to VirusTotal. Did you also find a download by Igor Menyalo? Was it also detected when you uploaded it to VirusTotal?

Igor Menyalo publisher

That’s how it looks when double-clicking on the file and Igor Menyalo appears as the publisher. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Igor Menyalo certificate.

Igor Menyalo certificate

Igor Menyalo appears to be located in Russia.

TR/Crypt.XPACK.Gen, Gen:Variant.Adware.Kazy.611186, W32/S-0625bdde!Eldorado, PUP.Optional.MultiPlug and Trojan.Win32.Qudamah.Gen.0 are some detection names according to VirusTotal:

Igor Menyalo anti-virus report

I decided to run the Igor Menyalo signed file, and it offered three additional programs called PriceMinus, BestAdBlocker and MyPC Backup in the installer.

Did you also find an Igor Menyalo file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thank you for reading.

OOO Mad Advert – 5% Detection Rate – Trojan.InstallCore / Win32:Malware-gen

Hi there! Just wanted to give you a heads-up on a suspicious file I found just now. The file is named adobe_flash_setup.exe and digitally signed by OOO Mad Advert.

OOO Mad Advert publisher

You can also check the digital signature under the file’s properties. The screenshot below shows the OOO Mad Advert certificate. From the certificate info we can see that OOO Mad Advert appears to be located in Moscow, Russia.

OOO Mad Advert cert

Here’s how the OOO Mad Advert download is promoted:

updater.safeplugin-update.org pop up

What caught my attention was that the download was called adobe_flash_setup.exe. This might look like an official Adobe Flash Player download, but it is not. If it was an official download, it should have been digitally signed by Adobe Systems Incorporated. Here’s what the authentic Adobe Flash Player looks like when you double click on it. Notice that the “Verified publisher” says “Adobe Systems Incorporated”.

Adobe Systems Incorporated - Adobe Flashplayer Installer
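
The publisher check described above can also be scripted. This is an added PowerShell example, not code from the original post: it reads the file's Authenticode signature with Get-AuthenticodeSignature and compares the signer with the publisher the file name implies. The function name Test-PublisherMatch and the sample path are assumptions.

```powershell
# Added example. Test-PublisherMatch and the sample path are assumptions, not from the post.
function Test-PublisherMatch {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate      # $null when the file carries no signature

    $publisher = $null; $issuer = $null; $country = $null
    if ($null -ne $cert) {
        $publisher = $cert.GetNameInfo($nameType, $false)   # name shown as "Publisher"
        $issuer    = $cert.GetNameInfo($nameType, $true)    # issuing CA
        # Country (C=) field of the subject, if present.
        if ($cert.Subject -match '(?:^|,\s*)C=([A-Za-z]{2})(?:,|$)') { $country = $Matches[1] }
    }

    # A valid signature only proves who signed the file, not that the file is wanted.
    # The comparison with the expected vendor is what catches a look-alike installer.
    $verdict = if ($null -eq $cert) {
        'Unsigned'
    } elseif ($sig.Status -ne 'Valid') {
        'SignatureNotValid'
    } elseif ($publisher -ne $ExpectedPublisher) {
        'PublisherMismatch'
    } else {
        'PublisherMatches'
    }

    [pscustomobject]@{
        File      = $Path
        Status    = $sig.Status
        Publisher = $publisher
        Issuer    = $issuer
        Country   = $country
        Verdict   = $verdict
    }
}

# File name and expected publisher are taken from the post; the location is an assumption.
$sample = '.\adobe_flash_setup.exe'
if (Test-Path -LiteralPath $sample) {
    Test-PublisherMatch -Path $sample -ExpectedPublisher 'Adobe Systems Incorporated'
}
```

For the file described in this post the expected verdict is PublisherMismatch, because the signer is OOO Mad Advert rather than Adobe Systems Incorporated.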

The detection rate is 3/55. Avast reports adobe_flash_setup.exe as Win32:Malware-gen, DrWeb calls it Trojan.InstallCore.508 and ESET-NOD32 calls it a variant of Win32/InstallCore.ZC potentially unwanted.

OOO Mad Advert anti-virus report

Did you also find an OOO Mad Advert file? Do you remember where you downloaded it?

Thank you for reading.