On Mon, 14 Sep 2015 16:39:15 +0200, Jakob Bohm <jb-openssl at wisemo.com> wrote:

> Where can I see the actual file (Not the virustotal
> description of the signature), I would need to look
> at the actual details to make sense of this.

I think you have to use some kind of a subscription and use their APIs to access their database.

I've searched the web and found:
http://admdownload.adobe.com/bin/live/flashplayer18ax_ha_install.exe
(md5: 0c6b5474223a4b5bf90a46844ed865db)

Seems to be a file with the same criteria here.

> By the way, whomever signed this seems to be mixing
> competing CAs (GlobalSign for the cert, Symantec for
> the timestamp).

Why not? ;-)

> And this file is very new (July 2015), are you sure
> it uses the nonstandard EncryptedDigest calculation?

No, I'm not. Maybe I'm doing something wrong. I don't know.

Regards
Michael