File Signature Verification discrepancy for Adobe installer.


Go to solution Solved by Igor Kurzin,

Posted

I got a setup file (SHA1 Hash: 1C27A70F922A95F66F58D8E4B7E91D92C84DA6E3), theoretically from “Adobe Inc.”, where Kaspersky File Supervisor says that it is indeed signed by “Adobe Inc.”, so I can trust it even though the file security level is not classified; why would I not, when it is signed by a well-known publisher?

 

But when I contrast that information with another database like “VirusTotal.com” I get the following: “The digital signature of the object did not verify”, implying that the file in question is modified and unreliable. 

 

Is Kaspersky Application Advisor giving misleading information here? 

Posted

@Berny The information is the same. File signed, possible risks not found and file security level not classified, so should I trust this file despite VirusTotal.com information about the signature verification?

 

Posted

Hi, can you pm me the link to the file? 

Posted

Done.

Posted

Hi 1Vita, checking. Thank you. 

Posted

Hi 1Vita, 

We have checked the file, it is clean (does not contain any malware). You are safe to use it. 

Posted

Thank you very much for the effort, but I still have a couple of questions:

1. So is it signed by Adobe or is it a modified executable?

2. If it is consumer oriented, could you explain what you have done to determine that it is clean? If not, how could I conclude on my own (for the next time this happens) that a file is safe when Kaspersky says one thing but sources like virustotal.com say others?

  • Solution
Posted

Sure, the more questions, the merrier :) 

  1. It is signed by:

Adobe Inc.

DigiCert EV Code Signing CA (SHA2)

  2. Since there are a couple of detections for the file hash at virustotal.com, I sent the file to VirusLab via https://opentip.kaspersky.com/ to reanalyze. They checked the file and confirmed it is clean.

In the future, if you have similar situations, you can upload the file at https://opentip.kaspersky.com/ and then send it via the reanalyze button to Anti-Virus Lab along with your comments.

 

Posted

Oh, thank you very much for providing that tool! Seems useful. 

Two last questions: 

  1. Once the analysis of the file has been done, can I ask you for the full reports on the file to avoid requesting a demo on https://opentip.kaspersky.com/?

  2. I understand that this question does not involve your job duties, but any ideas on why VirusTotal points out that “the digital signature of the object did not verify”? That is what bothers me the most.

Posted

I thought that the reasoning behind that was that the certificate was expired (valid to 02/03/2021), but when I compare this with another Adobe setup with the same signature validity, VirusTotal says that the signature is valid. What a headache ...

Posted

The same properties of the file indicate that the signature is not valid.

“The digital signature of the object was not verified. ”

 

Even Kaspersky’s firewall indicates this.

“Error when checking the signature.”

 

Posted

Hi @1Vita,

I confirm, the file was modified, it seems to be a cracked version of Adobe. That’s why the signature is not valid. The file itself does not contain malware and does not spread malware according to our data. 

 

Guest
This topic is now closed to further replies.
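
The thread turns on the difference between a file that carries a certificate naming a publisher and a file whose signature actually verifies. The following is an added example, not part of any post above, showing one way to check both locally with PowerShell's built-in `Get-AuthenticodeSignature` and `Get-FileHash`; the function name `Test-InstallerSignature` and the path `.\setup.exe` are hypothetical placeholders.

```powershell
# Added example: separates "a certificate naming a publisher is embedded"
# from "the signature verifies over the bytes currently on disk".
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path   # installer to check (placeholder, supplied by the caller)
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $sha1 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA1).Hash

    # Translate the verification status into what it means for trust.
    $verdict = switch ([string]$sig.Status) {
        'Valid'        { 'Signature verifies: content unchanged since signing' }
        'HashMismatch' { 'Content changed after signing: signer name proves nothing' }
        'NotSigned'    { 'No embedded signature' }
        'NotTrusted'   { 'Signer certificate is not trusted on this machine' }
        default        { "Verification failed: $($sig.StatusMessage)" }
    }

    [pscustomobject]@{
        File        = $file.Name
        SHA1        = $sha1                               # compare with the hash you looked up
        Status      = $sig.Status
        Signer      = $sig.SignerCertificate.Subject      # empty when the file is unsigned
        Issuer      = $sig.SignerCertificate.Issuer
        CertExpires = $sig.SignerCertificate.NotAfter
        # A timestamp countersignature keeps a signature valid after the
        # signing certificate expires, so expiry alone does not explain a failure.
        Timestamped = [bool]$sig.TimeStamperCertificate
        Verdict     = $verdict
    }
}

Test-InstallerSignature -Path '.\setup.exe' | Format-List
```

Read `Status` before `Signer`: the signer fields come from the embedded certificate, so they say who signed the original file, not whether the file on disk is still that original.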

