» Type1Loader.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

Type1Loader.exe

FontExpert

Limited Liability Company

The application Type1Loader.exe, “FontExpert Type1Loader” by Limited Liability Company has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘FontExpertType1Loader’. This file is typically installed with the program FontExpert 2015 Font Manager by Proxima Software.

File name:

Type1Loader.exe

Publisher:

Proxima Software (signed by Limited Liability Company )

Product:

FontExpert

Description:

FontExpert Type1Loader

Version:

13,0,1,1

MD5:

4205fb9a8cf3e481e5ae13fdd9ea8dbd

SHA-1:

324430e930bc1ce83d1e61ac81a6c5e89380b149

SHA-256:

f34fbbfcd458fc8f794d360cb0def1e25b8869c1e5ddff380b3540095ba7ce65

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/26/2024 5:45:18 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ITVA.LimitedLiabilityCompany (M)

15.10.12.13

File size:

175.1 KB (179,336 bytes)

Product version:

13,0,1,1

Original file name:

Type1Loader.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\fontexpert\type1loader.exe

Digital Signature

Signed by:

Limited Liability Company

Authority:

COMODO CA Limited

Valid from:

10/27/2014 2:00:00 AM

Valid to:

10/28/2015 1:59:59 AM

Subject:

CN="Limited Liability Company ""Proxima SFT""", O="Limited Liability Company ""Proxima SFT""", STREET=Podolskikh Kursantov Street, STREET=18-1-559, L=Moscow, S=Moscow, PostalCode=117545, C=RU

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

4BA63201E321418FF839AA5A0634222F

File PE Metadata

Compilation timestamp:

9/21/2015 10:08:50 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:6BztLET3JS4UARGPCj6p018n+zrxM38ZmQk94qyo:oztLEUNAj3122Zmzbyo

Entry address:

0xAD89

Entry point:

E8, F1, 4D, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 34, 54, 42, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 54, 4A, 42, 00, 01, 0F, 82, 74, 52, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10... 
[+]

Entropy:

6.0340

Code size:

97.5 KB (99,840 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

FontExpertType1Loader

Command:

C:\Program Files\fontexpert\type1loader.exe

The file Type1Loader.exe has been discovered within the following program.

FontExpert 2015 Font Manager by Proxima Software

www.proximasoftware.com/fontexpert

About 1% of users remove it

Remove Type1Loader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.