Hello readers! Just wanted to give you heads-up on suspicious file I found right now. The file is named ChromeSetup.exe and digitally signed by World Setup (New Media Holdings Ltd.).
It’s possible to view additional information about the certificate by right-clicking on the file, choosing properties and then clicking on the Digital Signatures tab. According to the certificate we can see that World Setup (New Media Holdings Ltd.) appears to be located in Tel Aviv, Israel and that the certificate is issued by GlobalSign CodeSigning CA – G2.
The problem is that ChromeSetup.exe is not an official Google Chrome download. If it was, it would be digitally signed by Google Inc.. Here’s how the authentic Google Chrome looks like when you double click on it. Notice that the “Verified publisher” says “Google Inc”.
After uploading the World Setup (New Media Holdings Ltd.) file – ChromeSetup.exe – to VirusTotal, it was clear that it’s probably better to stay away from file than running it. The detection rate was 11% and some of the detection names were: ADWARE/InstallCore.Gen, Application.Win32.InstallCore.DR and InstallCore (fs).
Since you probably came here after finding a download that was digitally signed by World Setup (New Media Holdings Ltd.), please share what kind of download it was and if it was detected by the antimalware scanners at VirusTotal.
Thanks for reading.