This is not a digitally signed application. Trusted vendors have nothing to do with this, the file was whitelisted by file hashes. I also encountered a similar sample of the same class (Emotet - basically a banking trojan) which also copied a file to appdata and was whitelisted. The variant that I submitted has been blacklisted now.
On a side note I have tried removing the Trusted Vendors List. It seems that with cloud lookup enabled, it still checks the TVL in the cloud (vendors that are found trusted by cloud scan are added back to the TVL), so removing TVL with cloud lookup enabled is basically pointless. If you were to disable cloud lookup and remove TVL it might result in system files being sandboxed if you aren't careful, and of course usability is impacted.