File is
FULLY trusted !!!
PUA/Riskware.Variant.Installcore - Certificate "issued" by
VeriSign & "countersigned" by
Symantec &
Thawte https://valkyrie.comodo.com/get_info?sha1=f623d6ab8d80683e6dc99a31d9757e8b2f29c027https://www.virustotal.com/#/file/eedae8b6871e5016d1ce2d6b743d09d657e29ed67a4fb7eca4ca9844a0311f74/detectionSome suspicious/malicious Indicators : Compiler/Packer signature > Compiler : Borland Delphi 4.0 , Packer : Inno Setup Module 5.x [SFX] , Digisig is expired >>> May 16 23:59:59 2016 , File has multiple PE Anomalies ( File ignores DEP , File ignores Code Integrity , CRC value set in PE header does not match actual value , PE file contains zero-size sections , The File sections " .rdata , .reloc , .rsrc " are shareable , Contains unknown resources ) , Embeds an other file ( Type: Inno Setup , Location : Overlay ) ,Has no visible windows , Drops executables , Creates new processes , File wrote bytes to itself , Creates guarded memory sections , Accesses to the Windows default safe DLL search path , File accesses to > Authorization API , Error Handling API , System Information API , Structured Exception Handling API , Console API ...
Certificate Details : Algorithm: rsaEncryption
Version: 3
Issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU - /CN=VeriSign Class 3 Code Signing 2010 CA
Serial: 98365989605199104652559069604092146726
Serial (Hex): 4a0099b9a58d592947df50cc37517426
Valid from: Feb 15 00:00:00 2014 GMT
Valid until: May 16 23:59:59 2016 GMT
C (countryName): US [5553]
CN (commonName): WinZip Computing [57696E5A697020436F6D707574696E67]
L (localityName): Mansfield [4D616E736669656C64]
O (organizationName): WinZip Computing [57696E5A697020436F6D707574696E67]
OU (organizationalUnitName): IT [4954]
ST (stateOrProvinceName): Connecticut [436F6E6E65637469637574]
