{"id":2381,"date":"2014-10-25T18:52:41","date_gmt":"2014-10-25T18:52:41","guid":{"rendered":"http:\/\/www.freefixer.com\/b\/?p=2381"},"modified":"2018-05-29T12:01:56","modified_gmt":"2018-05-29T12:01:56","slug":"ooo-finans-servis-virustotal-report","status":"publish","type":"post","link":"https:\/\/www.freefixer.com\/b\/ooo-finans-servis-virustotal-report\/","title":{"rendered":"OOO “Finans Servis” – 9% Detection Rate: InstallCore\/CryptInno"},"content":{"rendered":"

Just wanted to give you the heads up on files digitally signed by OOO “Finans Servis”<\/strong>.<\/p>\n

\"OOO<\/a><\/p>\n

The OOO “Finans Servis” certificate shows that the publisher is located in Moscow in Russia.<\/p>\n

\"OOO<\/a><\/p>\n

The problem here is that the OOO Finans Servis was promoted as an update for Adobe’s Flash Player. If adobe_flash_setup.exe<\/strong> really was a setup file for Adobe Flash Player<\/strong>, it should be digitally signed by Adobe Systems Incorporated<\/strong> and not by some unknown company located in Moscow.<\/p>\n

9% of the anti-malware scanners detected the file. PUP.Optional.InstallCore<\/strong> and BehavesLike.Win32.CryptInno.bc<\/strong> were two of the detection names. I think we will see the other anti-virus programs add this one to the detection list soon.<\/p>\n

\"OOO<\/a><\/p>\n

Since you probably came here after finding a file that was digitally signed by OOO Finans Servis<\/strong>, please share what kind of download it was and if it was detected by the anti-malwares at VirusTotal.<\/p>\n

Thanks for reading.<\/p>\n","protected":false},"excerpt":{"rendered":"

Just wanted to give you the heads up on files digitally signed by OOO “Finans Servis”. The OOO “Finans Servis” certificate shows that the publisher is located in Moscow in Russia. The problem here is that the OOO Finans Servis was promoted as an update for Adobe’s Flash Player. If adobe_flash_setup.exe really was a setup … Continue reading OOO “Finans Servis” – 9% Detection Rate: InstallCore\/CryptInno<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[54],"tags":[181,104],"_links":{"self":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/2381"}],"collection":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/comments?post=2381"}],"version-history":[{"count":1,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/2381\/revisions"}],"predecessor-version":[{"id":2392,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/2381\/revisions\/2392"}],"wp:attachment":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/media?parent=2381"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/categories?post=2381"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/tags?post=2381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}