{"id":1268,"date":"2014-08-05T07:30:22","date_gmt":"2014-08-05T07:30:22","guid":{"rendered":"http:\/\/www.freefixer.com\/b\/?p=1268"},"modified":"2018-05-29T12:02:48","modified_gmt":"2018-05-29T12:02:48","slug":"wilmaonline-ltd","status":"publish","type":"post","link":"https:\/\/www.freefixer.com\/b\/wilmaonline-ltd\/","title":{"rendered":"Wilmaonline LTD – VirusTotal and Bundling Report"},"content":{"rendered":"

Found a file this morning, claiming to be a Flash Player setup file<\/a>. However, the file was not digitally signed by Adobe, which is the publisher of the Flash Player. Instead it was signed by a company called\u00a0Wilmaonline LTD.\u00a0<\/strong>which made it look suspicious.<\/p>\n

\"Wilmaonline<\/a><\/p>\n

According to the certificate that is embedded in the file, Wilmaonline is a company located in Israel.<\/p>\n

\"Wilmaonline<\/a><\/p>\n

So, what does the anti-virus programs say about the Wilmaonline<\/strong> file? No problem, I just uploaded the file to VirusTotal and it turned out that many of the anti-virus programs detects the Wilmaonline<\/strong> file, with names such as Adware.Downware<\/strong>\u00a0and\u00a0PUP.Optional.Amonetize.<\/strong><\/p>\n

\"Wilmaonline<\/a><\/p>\n

To see more in details what changes the Wilmaonline<\/strong> file would do on a user’s computer I decided to run the file on my lab machine. The following InstallPath<\/strong> installer appeared, where “Flash Player”, Dolphin Deals<\/strong>, Flow Surf<\/strong>, Webssearches<\/strong> and OffersWizard<\/strong>\u00a0selected for installation by default. This is probably the reason why the anti-virus programs detects the Wilmaonline<\/strong> file, in addition to using Adobe’s Flash trademark.<\/p>\n

\"Wilmaonline<\/a><\/p>\n

Did you also find a file digitally signed by Wilma Online<\/strong>? What kind of download was it and where did you find it?<\/p>\n

Update 13 Sep 2014<\/strong>: Thought I should follow up on this one. The Wilmaonline<\/strong> signed files are still being distributed. They are promoted as Flash Players, chess games, Ask.FM trackers, keygens, cracks, etc. The installer file includes lots of bundled programs, but for unknown reasons, nothing is installed when I click through the installer. Did you also see this behaviour, or did it install the bundled programs on your machine? The anti-virus programs have improved their detection rates somewhat for the WilmaOnline files:<\/p>\n