Riskware or PUP?

Viruses and worms
1

See: https://www.virustotal.com/nl/url/c32c0a532cbb502f2181ba5259326ab0e289fe680e6dacef9228da4cdcacaf68/analysis/1405533578/
and https://www.virustotal.com/nl/file/c755a26554ef04596eafd1808d932c25312a8506690c6f5e8ead18c3bd383c45/analysis/1405530621/
Infested with Win32/RiskWare.Chindo.A
What is this application detection? Trojan-like Riskware. risk 75
Also consider: Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Executable flagged by Suricata IDS: http://urlquery.net/report.php?id=1405533956423 ET INFO EXE - Served Attached HTTP & FILEMAGIC PE32 for MS Windows alerts.
Given 100/100% malicious: http://zulu.zscaler.com/submission/show/8b226f17841ec7623b1e6d9f78333a3a-1405533787
Malware cleansing (source NightWatcher) - not-a-virus:Downloader.NSIS.Agent.jl : http://greatis.com/cleanvirus/trojan/trojan-nsis-downloader-dbtvju.htm
Detection on domain: http://support.clean-mx.de/clean-mx/viruses.php?ip=118.121.252.162&sort=id%20DESC
Detected Win32.Adware.Malplayer.Auto active and up!

pol

2

avast does not detect the downloaded file yet.

3

Another similar riskware case, but this time also blacklisted: htxp://newware15.dbsoufang.cn/kstp.exe?_upd=hlpoboi238i62527.exe
https://www.virustotal.com/nl/url/42abef751421de87745c6640be2b99188585f2538653d027f5b13155dff21032/analysis/1405534926/
https://www.virustotal.com/nl/file/c755a26554ef04596eafd1808d932c25312a8506690c6f5e8ead18c3bd383c45/analysis/1405530621/
Riskware variant: Win32.Risk.Riskware.Hsit → http://sitecheck.sucuri.net/results/newware15.dbsoufang.cn

pol

4

Then we have Win.Adware.Adgazelle-6 → http://support.clean-mx.de/clean-mx/viruses.php?ip=61.147.113.69&sort=id%20DESC
see: https://www.virustotal.com/nl/file/813e31f802d993a1ae11b2504c28323ec0539e2750edf8e24432009ffb2885e3/analysis/
and https://www.virustotal.com/nl/url/abff11b40818e0f6c6ca5f74f5b8a8b785efa6a816e3fe0408fc30bd67294a39/analysis/1405538635/
compare: http://app.webinspector.com/public/reports/22684884
http://urlquery.net/report.php?id=1405538922199 known malware source and IDS alerts for ET INFO EXE - Served Attached HTTP etc.
Listed at DNS-BH / malwaredomains.com.

polonus