Malware found safe by the cloud but detected by CAV scan

I checked this file called “ecash.exe”. MD5 is 361adcbd6edad229ea8c5bd22c304a63. It’s an infected toolbar.

I have been able to download and execute this file under Win 7 x86 with no AV or D+ popup :-TD

The D+ events said “analyzed online and found safe” BUT if I manually scan it, CAV finds malware >:-D…

How is it possible? And why? I’m not sure I can trust the cloud anymore… :cry:

Hello cvsa,

Please submit the file here so we can check it. Thank you!

Best regards,
FlorinG

I think anything is first checked against the safelists, i.e. whitelists, and if found in these lists it’s not scanned with the AV, i.e. anything is scanned with the AV when not found in the whitelists.

Thanxx
Naren

I sent a PM to Umesh with the file and VT report.

Thanks cvsa,

It’s an installer which had a safe sign in the cloud, but the file inside is detected as malware. The safe signature has been removed from the cloud and detection should be the same across now.

Thanks
-umesh

Just for my understanding. Was the actual virus file signed with the same signature as the installer or was it unsigned?

Hi EricJH,

The installer, which had the safe sign, was not signed.

Thanks
-umesh

Is the safe sign the one that, when enabled, will tell to run a file as Trusted/Installer, as can be seen in the Active Processes List?