starT PlaYInG - 39% Detection Rate *

Did you just find a download or a file on your computer that has a digital signature from starT PlaYInG? Some of the security products refers to the detected files as Gen:Variant.Adware.Mikey.21084 and OutBrowse (fs). The detection rate for the starT PlaYInG files collected here is 39%. Please read on for more details.

You will typically see starT PlaYInG when clicking to run the file. The publisher name is then displayed as the "Verified publisher" in the UAC dialog as the screenshot shows:

Screenshot where starT PlaYInG appears as the verified publisher in the UAC dialog

You can view additional details from the starT PlaYInG certificate with the following procedure:

  1. Open Windows Explorer and locate the starT PlaYInG file
  2. Right-click on the file and select Properties
  3. Click on the Digital Signatures tab
  4. Click on the View Certificate button

Here is a screenshot of a file that has been signed by starT PlaYInG:

Screenshot of the starT PlaYInG certificate

As you can see in the screenshot above, the Windows OS reports that "This digital signature is OK". This means that the file has been published by starT PlaYInG and that the file has not been tampered with.

If you click the View Certificate button shown in the screenshot above, you can see all the details of the certificate, such as when it was issued, who issued the certificate, how long it is valid, and so on. You can also see the address for starT PlaYInG, such as the street name, city and country.

thawte SHA256 Code Signing CA has issued the starT PlaYInG certificates. You can also examine the details of the issuer by clicking the View Certificate button shown in the screenshot above.

starT PlaYInG Files

These are the starT PlaYInG files I've collected, thanks to the FreeFixer users.

Detection RatioFile Name
20/56serial.exe
16/56bedjaijcia.exe
30/57Player.exe

Scanner and Detection Names

Here's the detection names for the starT PlaYInG files. I've grouped the detection names by each scanner engine. Thanks to VirusTotal for the scan results.

ScannerDetection Names
AVGDownloader.QHE, Downloader.QGI, Downloader.OPP
AVwareOutBrowse (fs)
Ad-AwareGen:Variant.Adware.Mikey.21084
AgnitumPUA.OutBrowse!
AhnLab-V3PUP/Win32.OutBrowse
Antiy-AVLGrayWare[AdWare:not-a-virus,HEUR]/Win32.OutBrowse
ArcabitTrojan.Adware.Mikey.D525C
AvastNSIS:OutBrowse-DQ [PUP]
AviraPUA/Outbrowse.Gen
Baidu-InternationalAdware.Win32.OutBrowse.BY
BitDefenderGen:Variant.Adware.Mikey.21084
CAT-QuickHealPUA.OutBrowse.A
CyrenW32/Adware.PUGO-0761
DrWebTrojan.OutBrowse.1107, Trojan.OutBrowse.1069
ESET-NOD32a variant of Win32/OutBrowse.BY potentially unwanted, a variant of Win32/OutBrowse.BX potentially unwanted
EmsisoftGen:Variant.Adware.Mikey.21084 (B)
F-SecureGen:Variant.Adware.Mikey
FortinetRiskware/OutBrowse
GDataNSIS.Application.OutBrowse.AN, Win32.Adware.Outbrowse.Z, Gen:Variant.Adware.Mikey.21084
IkarusPUA.OutBrowse
K7AntiVirusAdware ( 004bccaf1 ), Adware ( 004bd6a21 )
K7GWAdware ( 004bccaf1 ), Adware ( 004bd6a21 )
Kasperskynot-a-virus:HEUR:AdWare.Win32.OutBrowse.heur
McAfeeArtemis!17ED520F2DBC, Adware-OutBrowse.g
McAfee-GW-EditionAdware-OutBrowse.g, RDN/Generic.grp
MicroWorld-eScanGen:Variant.Adware.Mikey.21084
NANO-AntivirusTrojan.Win32.OutBrowse.duyiqc, Trojan.Win32.OutBrowse.duxjgb, Trojan.Win32.OutBrowse.dulwld
PandaPUP/Multitoolbar, Trj/Genetic.gen
Qihoo-360HEUR/QVM42.1.Malware.Gen, HEUR/QVM30.1.Malware.Gen
RisingPE:Trojan.Win32.Generic.18F05322!418403106
SophosGeneric PUA AP (PUA), Mal/Generic-S
SymantecTrojan.Gen.2
TrendMicro-HouseCallTROJ_GE.737E6906
VIPREOutBrowse (fs)
ZillyaAdware.OutBrowseGen.Win32.1

* How the Detection Percentage is Calculated

The detection percentage is based on that I've gathered 169 scan results for the starT PlaYInG files. 66 of these scan results came up with some sort of detection. You can view the full details of the scan results by examining the files listed above.

Analysis Details

The analysis is based on certificates with the following serial numbers:

Comments

No comments posted yet.

Leave a reply