{"id":1136,"date":"2014-07-25T18:52:41","date_gmt":"2014-07-25T18:52:41","guid":{"rendered":"http:\/\/www.freefixer.com\/b\/?p=1136"},"modified":"2018-05-29T12:02:50","modified_gmt":"2018-05-29T12:02:50","slug":"information-technology-systems-doo","status":"publish","type":"post","link":"https:\/\/www.freefixer.com\/b\/information-technology-systems-doo\/","title":{"rendered":"Information Technology Systems doo – VirusTotal Report"},"content":{"rendered":"

Just wanted to give you the heads up on a publisher called\u00a0Information Technology Systems doo.<\/strong><\/p>\n

\"Information<\/a><\/p>\n

According to the certificate, the publisher is located in Montenegro:<\/p>\n

\"Information<\/a><\/p>\n

This is the VirusTotal scan report for the\u00a0Information Technology Systems doo file:<\/p>\n

\"Information<\/a><\/p>\n

Generic.DAA, Unwanted-Program and \u0003\u00a0are some of the detection names.<\/p>\n

Did you also find a file signed by\u00a0Information Technology Systems doo<\/strong>? What kind of download was it? In my case, the download claimed to be the Flash Player installer.<\/p>\n

Update 2014-09-03: Found a file promoted as a Java installer, signed by\u00a0Information Technology Systems doo<\/strong>:<\/p>\n

\"Information<\/a><\/p>\n

The web page is hosted on softkopro.net. The file is called java_setup.exe<\/a> and is detected by 10 of the 55 anti-virus programs at VirusTotal.<\/p>\n

According to the web page, java_setup.exe is a downloader, rather than the real Java setup file:<\/p>\n

“Coinis downloader is distributing a proprietary download manager that will take you to the official download of this program. Prior to taking you to the official download, we will offer optional sponsored software that you may be interested in. You are not required to install any additional software to receive your download.”<\/p><\/blockquote>\n

Update 2016-09-23: I’ve rescanned the\u00a0java_setup.exe<\/a>\u00a0file. Now the detection rate is\u00a031<\/span>\/57. Based on the scan result<\/a> over at VirusTotal and by looking at the java_setup.exe executable file, it seems that the file contains\u00a0the InstallCore software<\/strong>\u00a0rather the Coinis downloader, contrary to what the web page at\u00a0softkopro.net stated.<\/p>\n","protected":false},"excerpt":{"rendered":"

Just wanted to give you the heads up on a publisher called\u00a0Information Technology Systems doo. According to the certificate, the publisher is located in Montenegro: This is the VirusTotal scan report for the\u00a0Information Technology Systems doo file: Generic.DAA, Unwanted-Program and \u0003\u00a0are some of the detection names. Did you also find a file signed by\u00a0Information Technology … Continue reading Information Technology Systems doo – VirusTotal Report<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[54],"tags":[152,104],"_links":{"self":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/1136"}],"collection":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/comments?post=1136"}],"version-history":[{"count":8,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/1136\/revisions"}],"predecessor-version":[{"id":8353,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/1136\/revisions\/8353"}],"wp:attachment":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/media?parent=1136"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/categories?post=1136"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/tags?post=1136"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}