utm.exe & CIS

[Guest]

[naren]

Was testing CIS latest with default settings.

utm.exe has a weird digital signature which is invalid. It is trusted by CIS i.e it gets into trusted lists.

If you keep the mouse over utm.exe it mentions company Microsoft Corporation. Trusted lists also shows Microsoft Corporation.

See the attached screenshots related to utm.exe & CIS.

VT Link - https://www.virustotal.com/file/362d492dfcf5b644c143844831a319f8d381a9cd1a81ebcfabe484c325cad792/analysis/1334163462/

Valkyrie Link - https://valkyrie.comodo.com/Result.html?sha1=e3cde656b494f1037c73c7220c38a52d2fe71d94&&query=0&&filename=uTM.exe

Comodo Dragon asks to discard the file during download as it finds it malicious.

[Hause]

Report in CIMA
http://cima.security.comodo.com/report/e3cde656b494f1037c73c7220c38a52d2fe71d94.htm
Verdict:
Suspicious++
Suspicious Actions Detected:
Creates autorun records
Deletes self
Injects code into other processes

[Siketa]

Wow! 
Nice catch, guys! 

[naren]

I am wondering how a file with such a weird invalid digital signature was whitelisted by Comodo?

A mistake or a bug in the whitelisting process?

[FlorinG]

Hello,

The sample you have provided is not trusted by CIS, in fact is has a malware signature and it is detected.

Best regards,
FlorinG

[naren]

Hello,

The sample you have provided is not trusted by CIS, in fact is has a malware signature and it is detected.

Best regards,
FlorinG

Do you mean to say I am lieng in any way

CIS is detecting the sample today BUT yesterday it was not detecting it, infact the sample was trusted by CIS as shown in the screenshot in the first post.

[Tags:]