Hello readers! If you are a regular here on the FreeFixer blog, you know that I’ve been examining files that have a digital signature and bundle various types of potentially unwanted software. Today I found another publisher named viD PLAY that bundles some software.
If you have a viD PLAY file on your computer you may have noticed that viD PLAY pops up as the publisher in the User Account Control dialog when running the file. The certificate is issued by thawte SHA256 Code Signing CA.
Thawte at the root in the certificate chain:
After uploading the viD PLAY file – Player.exe – to VirusTotal, it was clear that it’s probably better to delete the file than running it. The detection rate was 33% and some of the detection names were: Downloader.UIA, PUP.Optional.Vidplay, Adware-OutBrowse.h and OutBrowse.
Did you also find a viD PLAY file? What kind of download was it? If you remember the download link, please post it in the comments below.
Thank you for reading.