Well Scott and I uploaded it for analysis as soon after this topic was created and they are quick to correct an FP once confirmed.

With an anti-malware analysis tool, which is going to constantly change I rather doubt that digital signing is going to be done. The idea of not using a standard executable is to prevent the malware from stopping it running like they do with many other security applications and intercepts, etc. on .exe files.

The problem being I didn’t download it with IE but on firefox, so it didn’t tack on a .txt suffix to the dds.pif file. So I don’t know where the .txt suffix came from, weird.