» typingmaster10installer.exe
Overview
Analysis
File Details
Downloads (1)

typingmaster10installer.exe

Typing Master 10

Typing Innovation Group Ltd

The executable typingmaster10installer.exe has been detected as malware by 8 anti-virus scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from download.typingmaster10.com.

File name:

Publisher:

Typing Innovation Group Ltd

Product:

Typing Master 10

Version:

10.00

MD5:

f76672e54e33e3e318ff5e073b81497f

SHA-1:

0f1d101649573fd9de9a3d9c405dc9aa1996f114

SHA-256:

707607e504ecbd6c4c75c802ed126007c12f5fa62c1e896c58f212893266e1a7

Scanner detections:

8 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

11/16/2024 2:43:30 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Kukacka

160518-2

AVG

Win32/Sality

2015.0.4604

Emsisoft Anti-Malware

Win32.Sality

11.5.0.6191

ESET NOD32

Win32/Sality.NBA virus

8.0.319.0

F-Prot

W32/Sality.E.gen

4.6.5.141

Kaspersky

Virus.Win32.Sality

15.0.0.562

Microsoft Security Essentials

Threat.Undefined

1.225.2396.0

Norman

Win32.Sality.3

22.05.2016 07:18:28

File size:

4.2 MB (4,372,576 bytes)

Product version:

10.1.1.849

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\typingmaster10installer.exe

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:DMVNiSLcL1LYJJBngdshBsmIZIOAFmG6TwQZBXX9Q:uiOuCngdshGYoG/QlQ

Entry address:

0x9A58

Entry point:

60, F2, 23, C7, 0F, CE, 68, 4F, D6, F6, 00, 68, 47, 36, 1C, 00, 0F, AF, DA, C0, CF, 95, 0F, AF, CA, 0F, CD, 85, EF, 0F, BA, E7, F3, 0F, BC, FF, 0F, BC, C8, F7, D5, 3B, C6, 88, D0, 89, F7, 89, F5, F6, DD, 4E, 0F, AF, CF, 8D, 3D, A0, D6, B1, DE, 0F, C1, F6, FE, CB, E8, 0E, 00, 00, 00, C6, C4, 97, BA, 51, E2, 4E, 41, 0F, AF, D6, 41, 3B, FB, C6, C1, 1D, 0F, AF, CB, 2A, FD, 81, C5, 2F, 0E, 00, 00, 8A, EB, 0F, A4, F2, 4A, 81, C5, 24, 01, 00, 00, 5D, 87, FF, 86, E1, F6, D5, 52, 55, F6, C2, D1, 0F, C9, D1, E1, D1... 
[+]

Entropy:

7.9209 (probably packed)

Code size:

36.5 KB (37,376 bytes)

The file typingmaster10installer.exe has been seen being distributed by the following URL.

http://download.typingmaster10.com/TypingMaster10Installer.exe

Remove typingmaster10installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.