Screensaver malware or do we have to reconsider...

Someting wrong with the cert: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
See: https://www.virustotal.com/pl/file/37f195262d0de1886a14ec8456d8dc72aa97324eaefe4a2c05b2b28bbeee5bab/analysis/1493474040/
Where we found it: https://www.virustotal.com/pl/url/4600662077cc4ed014e5a0eccf5c42d31de0e6c567224917866e120a563a1b1b/analysis/1493474036/
Flagged here: http://urlquery.net/report.php?id=1493471562513

Malware, PUP or FP? Because given as clean here: https://www.reasoncoresecurity.com/domain-www.7art-screensavers.com.aspx

polonus

Should have been detected by now if malicious :wink:

First submission 2015-12-19 18:19:13 UTC ( 1 year, 4 months ago )

SSL Blacklisted…

This is a list we should keep an eye on: https://chromium.googlesource.com/chromium/src/net/+/master/data/ssl/blacklist/
More in this project: https://gitlab.labs.nic.cz/turris/dist-fw-data/commit/f96540f67c9a3fb9124e00d485652c3f9ba2bc23
A.o. this repository and there are more like this one: https://sslbl.abuse.ch/intel/705066391f2b7f8cc350467bb337648cc1768256

pol

Yes. Last link gives this detection by copying the hash found: https://www.virustotal.com/en/file/589cfe4fc782fb363cfd46a05f954b71d8e72b2a151865cefcb916acb982a24a/analysis/
Note: avast does not detect this file.

Note: avast does not detect this file.
are you sure?

Analysis date: 2017-03-30 01:30:51 UTC ( 1 month ago )

Fits this collection and EMISOFT all classifies them as bad: http://www.istdiesedateisicher.de/product/Bang%20®%20Windows®%20Operating%20System_details.aspx

pol