typingmaster10installer.exe

Typing Master 10

Typing Innovation Group Ltd

The executable typingmaster10installer.exe has been detected as malware by 11 anti-virus scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from download.typingmaster10.com.
Publisher:
Typing Innovation Group Ltd

Product:
Typing Master 10

Version:
10.00

MD5:
790ee16beb69b2a17fc2caeb436d4fc0

SHA-1:
725daebcdbe746ad28bb412299f941adcdb2b43e

SHA-256:
7fb0585a42326aac873bdf6181da8c465b559e64f3b687df8a3c58e966d53e21

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/28/2024 12:25:15 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Kukacka
160518-2

AVG
Win32/Sality
2015.0.4568

Dr.Web
Win32.Sector.30
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality
11.5.0.6191

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Sality.gen2
4.6.5.141

F-Secure
Win32.Sality.3
5.15.21

Kaspersky
Virus.Win32.Sality
15.0.0.562

McAfee
Virus.W32/Sality.gen.z
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.223.798.0

Norman
Win32.Sality.3
28.05.2016 13:03:37

File size:
4.2 MB (4,372,576 bytes)

Product version:
10.1.1.849

Copyright:
Copyright 2015 Typing Innovation Group Ltd.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\typingmaster10installer.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:fvbiSLcL1LYJJBngdshBsmIZIOAFmG6TwQZBXX9Q:7iOuCngdshGYoG/QlQ

Entry address:
0x9A58

Entry point:
60, 3D, B6, 24, 00, 00, 76, 03, 0F, AF, FD, 69, FD, 3E, CD, 75, 7A, 89, CD, C7, C1, E9, D6, 3B, E9, F3, F3, BD, 2D, F9, 73, 2B, 80, C1, E2, 69, EA, F5, 43, AD, 15, E8, 19, 00, 00, 00, FF, C2, 8D, 1D, 6C, 6C, 14, C3, 89, FA, 2B, DF, 87, FF, C7, C3, 0A, 3C, 86, 69, 84, D8, F3, 3B, F6, 58, 69, F8, 21, 45, 66, 64, 84, E9, 8B, ED, F2, 19, C5, B2, 34, B2, 60, 80, E2, 3E, F6, C3, B0, 3A, D1, 0F, BF, DA, 81, F1, E6, 8E, 00, 00, 4D, 84, F0, FE, C1, F6, C2, 23, 8A, CB, 0F, AF, EA, 09, D1, 87, CA, 38, F5, 0F, B6, CE...
 
[+]

Entropy:
7.9209  (probably packed)

Code size:
36.5 KB (37,376 bytes)

The file typingmaster10installer.exe has been seen being distributed by the following URL.

Remove typingmaster10installer.exe - Powered by Reason Core Security