Investigating a new malicious site, led to files housed on Zippyshare, and surprise surprise, this led once again, to misleading and blatantly fake "update required" rubbish from the likes of iLivid and the Israel based, Cool Applications (aka Coolapptech). No idea what exactly is going on over there, but there seems to be an upsurge of badness from Israel as far as misleading and blatantly irresponsible/unethical PPI/bundlers coming from there of late (one other Israel based company you'll be familiar with for example, is Installrex/Installex (aka Justplug.it) who are housing a plethora of badness on 188.8.131.52 (though their domains (e.g. amu.takegoldeninstalls.info) are now routing through CloudFlare (no big surprise, we already know they don't care)).
The URLs involved this time, are;
The files themselves are signed using Comodo certificates, and in the case of the Cool Applications.com one, signed by;
63 Rothscild Blvd.
For those wondering, the files the site I was investigating led to are;
Haven't analyzed these yet.