Type1Loader.exe

FontExpert

Limited Liability Company

The application Type1Loader.exe, “FontExpert Type1Loader” by Limited Liability Company, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to execute automatically when any user logs into Windows (through the all-users Run registry key under HKLM) with the name ‘FontExpertType1Loader’.
Publisher:
Proxima Software (signed by Limited Liability Company)

Product:
FontExpert

Description:
FontExpert Type1Loader

Version:
14,0,0,1

MD5:
c87c57889926d5296957c9312fdac47f

SHA-1:
373f6773978e4006b4f209d546c374274a859eab

SHA-256:
36e0a072850f3f993cb08e35149cfead6132f8b70a75029a270c5f0480484e69

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/26/2024 6:57:12 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.ITVA (M) | 17.2.23.23

File size:
514.8 KB (527,104 bytes)

Product version:
14,0,0,1

Copyright:
Copyright © 1999-2016, Proxima Software. All rights reserved.

Original file name:
Type1Loader.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\fontexpert\type1loader.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/3/2015 3:30:00 AM

Valid to:
11/3/2018 3:29:59 AM

Subject:
CN="Limited Liability Company ""Proxima SFT""", O="Limited Liability Company ""Proxima SFT""", STREET=Podolskikh Kursantov Street, STREET=18-1-559, L=Moscow, S=Moscow, PostalCode=113545, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E15E6E25105D1DF08E664E64AF6CE3CA

File PE Metadata
Compilation timestamp:
10/24/2016 2:23:04 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x31D3C

Entry point:
48, 83, EC, 28, E8, 9F, 08, 00, 00, 48, 83, C4, 28, E9, 82, FE, FF, FF, CC, CC, 48, FF, 25, 81, 46, 02, 00, CC, 48, 83, EC, 28, 4D, 8B, 41, 38, 48, 8B, CA, 49, 8B, D1, E8, 0D, 00, 00, 00, B8, 01, 00, 00, 00, 48, 83, C4, 28, C3, CC, CC, CC, 40, 53, 45, 8B, 18, 48, 8B, DA, 41, 83, E3, F8, 4C, 8B, C9, 41, F6, 00, 04, 4C, 8B, D1, 74, 13, 41, 8B, 40, 08, 4D, 63, 50, 04, F7, D8, 4C, 03, D1, 48, 63, C8, 4C, 23, D1, 49, 63, C3, 4A, 8B, 14, 10, 48, 8B, 43, 10, 8B, 48, 08, 48, 03, 4B, 08, F6, 41, 03, 0F, 74, 0A, 0F...
Entropy:
6.3025

Code size:
337 KB (345,088 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
FontExpertType1Loader

Command:
C:\Program Files\fontexpert\type1loader.exe