File Signature Verification discrepancy for Adobe installer.

[1Vita]

I got a setup file (SHA1 Hash: 1C27A70F922A95F66F58D8E4B7E91D92C84DA6E3), theoretically from “Adobe Inc.”, where Kaspersky File Supervisor says that it is indeed signed by “Adobe Inc.” so I can trust it even though the file security level is not classified, why would I not when it is signed by a well-known publisher. 

 

But when I contrast that information with another database like “VirusTotal.com” I get the following: “The digital signature of the object did not verify”, implying that the file in question is modified and unreliable. 

 

Is Kaspersky Application Advisor giving misleading information here? 

[Berny]

@1Vita Please see Kaspersky Application Advisor

[1Vita]

@Berny The information is the same. File signed, possible risks not found and file security level not classified, so should I trust this file despite VirusTotal.com information about the signature verification?

 

[Igor Kurzin]

File signed, possible risks not found and file security level not classified, so should I trust this file despite VirusTotal.com information about the signature verification?

Hi, can you pm me the link to the file? 

[1Vita]

File signed, possible risks not found and file security level not classified, so should I trust this file despite VirusTotal.com information about the signature verification?

Hi, can you pm me the link to the file? 

Done.

[Igor Kurzin]

Hi 1Vita, checking. Thank you. 

[Igor Kurzin]

Hi 1Vita, 

We have checked the file, it is clean (does not contain any malware). You are safe to use it. 

[1Vita]

Hi 1Vita, 

We have checked the file, it is clean (does not contain any malware). You are safe to use it. 

Thank you very much for the effort, but I still have a couple of questions:

1. So is it signed by Adobe or is it a modified executable?

2. If it is consumer oriented, could you explain what have you done to determinate that it is clean? If not, how could I conclude on my own (for the next time this happens) that a file is safe when Kaspersky says one thing but sources like virtustotal.com say others?

[Igor Kurzin]

Sure, the more questions, the merrier :) 

1. It is signed by:

Adobe Inc.

DigiCert EV Code Signing CA (SHA2)

2. Since there are a couple of detections for the file hash at virustotal.com, I sent the file to VirusLab via https://opentip.kaspersky.com/ to reanalyze. They checked the file and confirmed it is clean.

In the future, if you have similar situations, you can upload the file at https://opentip.kaspersky.com/ and then send it via reanalyze button to Anti-Virus Lab along with your comments.

 

[1Vita]

Sure, the more questions, the merrier :) 

1. It is signed by:

Adobe Inc.

DigiCert EV Code Signing CA (SHA2)

2. Since there are a couple of detections for the file hash at virustotal.com, I sent the file to VirusLab via https://opentip.kaspersky.com/ to reanalyze. They checked the file and confirmed it is clean.

In the future, if you have similar situations, you can upload the file at https://opentip.kaspersky.com/ and then send it via reanalyze button to Anti-Virus Lab along with your comments.

 

Oh, thank you very much for providing that tool! Seems useful. 

Two last questions: 

1. Once the analysis of the file has been done, can I ask you for the full reports on the file to avoid requesting a demo on https://opentip.kaspersky.com/. 

2. I understand that this question does not involve your job duties but, any ideas on why VirusTotal point out that “the digital signature of the object did not verify”? That is what bothers me the most. 

[1Vita]

Sure, the more questions, the merrier :) 

1. It is signed by:

Adobe Inc.

DigiCert EV Code Signing CA (SHA2)

2. Since there are a couple of detections for the file hash at virustotal.com, I sent the file to VirusLab via https://opentip.kaspersky.com/ to reanalyze. They checked the file and confirmed it is clean.

In the future, if you have similar situations, you can upload the file at https://opentip.kaspersky.com/ and then send it via reanalyze button to Anti-Virus Lab along with your comments.

 

Oh, thank you very much for providing that tool! Seems useful. 

Two last questions: 

1. Once the analysis of the file has been done, can I ask you for the full reports on the file to avoid requesting a demo on https://opentip.kaspersky.com/. 

2. I understand that this question does not involve your job duties but, any ideas on why VirusTotal point out that “the digital signature of the object did not verify”? That is what bothers me the most. 

2. I thought that the reasoning behind that was that the certificate was expired (valid to 02/03/2021) but when I compare this with another Adobe setup with the same signature validity, VirusTotal says that the signature is valid. What a headache ...

[1Vita]

The same properties of the file indicate that the signature is not valid.

“The digital signature of the object was not verified. ”

 

Even Kaspersky’s firewall indicates this.

“Error when checking the signature.”

 

[Igor Kurzin]

Hi @1Vita , 

I confirm, the file was modified, it seems to be a cracked version of Adobe. That’s why the signature is not valid. The file itself does not contain malware and does not spread malware according to our data.