Ultrareach Internet Corp. - 16% Detection Rate *

Did you just find a download or a file on your computer that has been digitally signed by Ultrareach Internet Corp.? Some of the security products refers to the detected files as Application.Agent.BNR and UltraSurf (fs) (not malicious). The detection rate for the Ultrareach Internet Corp. files collected here is 16%. Please read on for more details.

You will typically see Ultrareach Internet Corp. when clicking to run the file. The publisher name is displayed as the "Verified publisher" in the UAC dialog as the screenshot shows:

Screenshot where Ultrareach Internet Corp. appears as the verified publisher in the UAC dialog

You can view the digital signature details for Ultrareach Internet Corp. with the following procedure:

  1. Open up Windows Explorer and locate the Ultrareach Internet Corp. file
  2. Right-click the file and select Properties
  3. Click the Digital Signatures tab
  4. Click on the View Certificate button

Here's a screenshot of a file signed by Ultrareach Internet Corp.:

Screenshot of the Ultrareach Internet Corp. certificate

As you can see in the screenshot above, Windows states that "This digital signature is OK". This implies that the file has been published by Ultrareach Internet Corp. and that no one has tampered with the file.

If you click the View Certificate button shown in the screengrab above, you can examine all the details of the certificate, such as when it was issued, who issued the certificate, how long it is valid, and so on. You can also examine the address for Ultrareach Internet Corp., such as the street name, city and country.

GlobalSign CodeSigning CA - SHA256 - G2 and DigiCert SHA2 Assured ID Code Signing CA has issued the Ultrareach Internet Corp. certificates. You can also examine the details of the issuer by clicking the View Certificate button shown in the screenshot above.

Ultrareach Internet Corp. Files

These are the Ultrareach Internet Corp. files I've collected, thanks to the FreeFixer users.

Detection RatioFile Name
12/56u1504.exe
2/57u.exe
23/68u.exe
2/65u.exe

Scanner and Detection Names

Here's the detection names for the Ultrareach Internet Corp. files. I have grouped the detection names by each scanner engine. Thanks to VirusTotal for the scan results.

ScannerDetection Names
Ad-AwareApplication.Agent.BNR
AegisLabSpr.Ultrasurf.Gen!c
Antiy-AVLRiskWare[RiskTool]/Win32.AGeneric
ArcabitApplication.Agent.BNR
AviraSPR/UltraReach.A
Baidu-InternationalHacktool.Win32.UltraReach.cc
BitDefenderApplication.Agent.BNR
BkavW32.Clod3f4.Trojan.1681
ClamAVWin.Malware.Agent-6410010-0
ComodoApplication.Win32.UltraReach.A, Application.Win32.NetTool.UltraSurf.~A, ApplicUnwnt
CylanceUnsafe
CyrenW32/Trojan.OSVA-7670
DrWebTrojan.DownLoader26.39404
ESET-NOD32a variant of Win32/UltraReach potentially unsafe, a variant of Win32/UltraReach.AG potentially unsafe
EmsisoftApplication.Agent.BNR (B)
Endgamemalicious (moderate confidence)
F-SecureApplication.Agent.BNR
FortinetRiskware/UltraSurf
GDataWin32.Trojan.Agent.Q6EI6K
JiangminRiskTool.UltraSurf.e
Kasperskynot-a-virus:RiskTool.Win32.UltraSurf.mu
MAXmalware (ai score=96)
McAfeeArtemis!08CD5B2AA0A5
McAfee-GW-EditionArtemis!PUP
MicroWorld-eScanApplication.Agent.BNR
NANO-AntivirusRiskware.Win32.UltraSurf.euxlee
RisingPE:Malware.Generic/QRS!1.9E2D [F]
TrendMicroHKTL_USUR
TrendMicro-HouseCallHKTL_USUR
VIPREUltraSurf (fs) (not malicious)
YandexRiskware.Agent!
ZillyaTrojan.TDSS.Win32.46589
ZoneAlarmnot-a-virus:RiskTool.Win32.UltraSurf.mu

* How the Detection Percentage is Calculated

The detection percentage is based on the fact that I have collected 246 scan reports for the Ultrareach Internet Corp. files. 39 of these scan reports came up with some sort of detection. You can view the full details of the scan reports by examining the files listed above.

Analysis Details

The analysis has been done on certificates with the following serial numbers:

Comments

No comments posted yet.

Leave a reply