Tag Archives: WebInstallBundle

Symbu LLC – 9% Detection Rate – DownloadAdmin / WebInstallBundle

Hello! Was looking for some downloads to play around with and found one, digitally signed by Symbu LLC. The file is named freeallinonemediaplayer-setup.exe. You may see Symbu LLC appear as the publisher when double-clicking on the freeallinonemediaplayer-setup.exe file.

[Screenshot: Symbu LLC shown as publisher in the UAC dialog]

By examining the certificate, we can see that Symbu LLC is located in San Francisco, the US. The certificate is issued by DigiCert SHA2 Assured ID Code Signing CA.

[Screenshot: Symbu LLC certificate]

9% of the scanners detected the file when uploaded to VirusTotal. The freeallinonemediaplayer-setup.exe file is detected as Trojan.Win32.Atraps.b by ByteHero, Adware:W32/WebInstallBundle by F-Secure, Win32.Application.DownloadAdmin.A by GData and DownloadAdmin (fs) by VIPRE.

[Screenshot: Symbu LLC VirusTotal scan result]

Did you also find a Symbu LLC file?

Hope this blog post helped you avoid some unwanted software on your machine.

Thank you for reading.

Sanflex – 33% Detection Rate – WebInstallBundle, DownloadAdmin and Artemis

Hello! Just a quick post on a file named installer_adobe_flash_player_Swedish.exe signed by Sanflex. The following screenshot shows the User Account Control dialog when running the Sanflex file:

[Screenshot: Sanflex shown as publisher in the UAC dialog]

By looking at the certificate we can see that Sanflex appears to be located in San Francisco, United States of America.

[Screenshot: Sanflex certificate]

The problem here is that if installer_adobe_flash_player_Swedish.exe really was a setup file for the official Adobe Flash Player, it would be digitally signed by Adobe Systems Incorporated and not by some unknown company. This looks very suspicious.
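The same publisher check can be scripted for a whole downloads folder. This PowerShell is an added example, not code from the original post; the function name Test-InstallerPublisher and the file-name-to-publisher table are assumptions made for illustration.

```powershell
# Added example. Flags installers whose file name claims a well-known product
# but whose Authenticode signer is some other publisher.
# The table is an assumption: the one entry comes from the post's example
# (Adobe Flash Player should be signed by Adobe Systems Incorporated).
$ExpectedPublisher = @{
    'adobe_flash_player' = 'Adobe Systems Incorporated'
}

function Test-InstallerPublisher {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path
    )
    process {
        $name = [System.IO.Path]::GetFileName($Path).ToLowerInvariant()
        $sig  = Get-AuthenticodeSignature -LiteralPath $Path
        $cert = $sig.SignerCertificate

        # Subject common name of the signing certificate, if the file is signed
        $signer = $null
        if ($cert) {
            $signer = $cert.GetNameInfo(
                [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
        }

        $verdict = 'NoClaimedProduct'
        foreach ($key in $ExpectedPublisher.Keys) {
            if ($name -like "*$key*") {
                if ($sig.Status -ne 'Valid') { $verdict = 'UnsignedOrInvalid' }
                elseif ($signer -eq $ExpectedPublisher[$key]) { $verdict = 'PublisherMatches' }
                else { $verdict = 'PublisherMismatch' }   # the Sanflex case in the post
                break
            }
        }

        [pscustomobject]@{
            File = $name; Status = $sig.Status; Signer = $signer; Verdict = $verdict
        }
    }
}

# Check every .exe in the current user's Downloads folder
Get-ChildItem "$env:USERPROFILE\Downloads" -Filter *.exe | Test-InstallerPublisher
```

A valid signature only proves who signed the file, so a PublisherMismatch or UnsignedOrInvalid verdict is the signal to look at, not the signature status alone.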

If you are considering running the Sanflex-signed file, I’d advise you not to. Delete it instead. Just check out the detection list from some of the anti-virus programs. Big thanks to VirusTotal for the scan result.

[Screenshot: Sanflex VirusTotal scan result]

F-Secure detects installer_adobe_flash_player_Swedish.exe as Adware:W32/WebInstallBundle, Fortinet reports Riskware/DownloadAdmin, Malwarebytes classifies it as PUP.Optional.DownloadAdmin and McAfee detects it as Artemis.

Did you also find a Sanflex file? What kind of download was it?

Thanks for reading.