{"id":2160,"date":"2014-10-17T08:37:31","date_gmt":"2014-10-17T08:37:31","guid":{"rendered":"http:\/\/www.freefixer.com\/b\/?p=2160"},"modified":"2018-05-29T12:01:58","modified_gmt":"2018-05-29T12:01:58","slug":"doz-dekorum-llc-virustotal-report","status":"publish","type":"post","link":"https:\/\/www.freefixer.com\/b\/doz-dekorum-llc-virustotal-report\/","title":{"rendered":"DOZ-DEKORUM LLC – 17% Detection Rate at VirusTotal"},"content":{"rendered":"

Hello! Just a quick post today, since I’m busy working with the next release of FreeFixer<\/a>. Did you see a file, such as FlashPlayer_6741_i1375671586_il280.exe, on your system signed by DOZ-DEKORUM LLC<\/strong>? Then read on..<\/p>\n

Typically you’d see the DOZ-DEKORUM LLC publisher name appear when double-clicking on the FlashPlayer_6741_i1375671586_il280.exe file:<\/p>\n

\"DOZ-DEKORUM<\/a><\/p>\n

It’s possible to view additional information about the embedded certificate by right-clicking on the file, choosing properties and then clicking on the Digital Signatures tab. According to the certificate we can see that DOZ-DEKORUM LLC is located in Kiev<\/strong> in Ukraine<\/strong> and that the certificate is issued by Thawte Code Signing CA – G2.<\/p>\n

\"DOZ-DEKORUM<\/a><\/p>\n

The problem here is that if FlashPlayer_6741_i1375671586_il280.exe really was an installer file for Flash Player, it should have been signed by Adobe Inc.<\/strong> and not by some unknown company. I think this looks suspicious.<\/p>\n

So, what does the anti-virus programs say about the DOZ-DEKORUM LLC file? No problem, I just uploaded the file to VirusTotal and it turned out that some (17%) of the anti-virus programs detects the DOZ-DEKORUM LLC file, with names such as Generic.AF5<\/strong>, Adware.Downware.8818<\/strong> and PUP.Optional.Amonetize<\/strong>.<\/p>\n

\"DOZ-DEKORUM<\/a><\/p>\n

Since some of the anti-virus programs detected the DOZ-DEKORUM LLC file, I got curious and decided to test it to see what it installed. After stepping though the installer, RegClean Pro<\/strong> and Wajam<\/strong> appeared on my computer. Did you also find a file digitally signed by DOZ-DEKORUM LLC? What kind of download was it and where did you find it?<\/p>\n

Thanks for reading.<\/p>\n","protected":false},"excerpt":{"rendered":"

Hello! Just a quick post today, since I’m busy working with the next release of FreeFixer. Did you see a file, such as FlashPlayer_6741_i1375671586_il280.exe, on your system signed by DOZ-DEKORUM LLC? Then read on.. Typically you’d see the DOZ-DEKORUM LLC publisher name appear when double-clicking on the FlashPlayer_6741_i1375671586_il280.exe file: It’s possible to view additional information … Continue reading DOZ-DEKORUM LLC – 17% Detection Rate at VirusTotal<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[54],"tags":[126,186],"_links":{"self":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/2160"}],"collection":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/comments?post=2160"}],"version-history":[{"count":2,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/2160\/revisions"}],"predecessor-version":[{"id":2165,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/2160\/revisions\/2165"}],"wp:attachment":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/media?parent=2160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/categories?post=2160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/tags?post=2160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}