Type1Loader.exe

FontExpert

Limited Liability Company

The application Type1Loader.exe, “FontExpert Type1Loader” by Limited Liability Company has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘FontExpertType1Loader’. This file is typically installed with the program FontExpert 2015 Font Manager by Proxima Software.
Publisher:
Proxima Software (signed by Limited Liability Company)

Product:
FontExpert

Description:
FontExpert Type1Loader

Version:
13,0,1,1

MD5:
4205fb9a8cf3e481e5ae13fdd9ea8dbd

SHA-1:
324430e930bc1ce83d1e61ac81a6c5e89380b149

SHA-256:
f34fbbfcd458fc8f794d360cb0def1e25b8869c1e5ddff380b3540095ba7ce65

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/26/2024 5:45:18 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ITVA.LimitedLiabilityCompany (M)

Engine version:
15.10.12.13

File size:
175.1 KB (179,336 bytes)

Product version:
13,0,1,1

Copyright:
Copyright © 1999-2015, Proxima Software. All rights reserved.

Original file name:
Type1Loader.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\fontexpert\type1loader.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/27/2014 2:00:00 AM

Valid to:
10/28/2015 1:59:59 AM

Subject:
CN="Limited Liability Company ""Proxima SFT""", O="Limited Liability Company ""Proxima SFT""", STREET=Podolskikh Kursantov Street, STREET=18-1-559, L=Moscow, S=Moscow, PostalCode=117545, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4BA63201E321418FF839AA5A0634222F

File PE Metadata
Compilation timestamp:
9/21/2015 10:08:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:6BztLET3JS4UARGPCj6p018n+zrxM38ZmQk94qyo:oztLEUNAj3122Zmzbyo

Entry address:
0xAD89

Entry point:
E8, F1, 4D, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 34, 54, 42, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 54, 4A, 42, 00, 01, 0F, 82, 74, 52, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10...
 

Entropy:
6.0340

Code size:
97.5 KB (99,840 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
FontExpertType1Loader

Command:
C:\Program Files\fontexpert\type1loader.exe


The file Type1Loader.exe has been discovered within the following program.

FontExpert 2015 Font Manager  by Proxima Software
www.proximasoftware.com/fontexpert
About 1% of users remove it
 