» typingmaster10installer.exe
Overview
Analysis
File Details
Downloads (1)

typingmaster10installer.exe

Typing Master 10

Typing Innovation Group Ltd

The executable typingmaster10installer.exe has been detected as malware by 11 anti-virus scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from download.typingmaster10.com.

File name:

Publisher:

Typing Innovation Group Ltd

Product:

Typing Master 10

Version:

10.00

MD5:

790ee16beb69b2a17fc2caeb436d4fc0

SHA-1:

725daebcdbe746ad28bb412299f941adcdb2b43e

SHA-256:

7fb0585a42326aac873bdf6181da8c465b559e64f3b687df8a3c58e966d53e21

Scanner detections:

11 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

11/16/2024 3:03:30 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Kukacka

160518-2

AVG

Win32/Sality

2015.0.4568

Dr.Web

Win32.Sector.30

9.0.1.05190

Emsisoft Anti-Malware

Win32.Sality

11.5.0.6191

ESET NOD32

Win32/Sality.NBA virus

8.0.319.0

F-Prot

W32/Sality.gen2

4.6.5.141

F-Secure

Win32.Sality.3

5.15.21

Kaspersky

Virus.Win32.Sality

15.0.0.562

McAfee

Virus.W32/Sality.gen.z

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.223.798.0

Norman

Win32.Sality.3

28.05.2016 13:03:37

File size:

4.2 MB (4,372,576 bytes)

Product version:

10.1.1.849

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\typingmaster10installer.exe

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:fvbiSLcL1LYJJBngdshBsmIZIOAFmG6TwQZBXX9Q:7iOuCngdshGYoG/QlQ

Entry address:

0x9A58

Entry point:

60, 3D, B6, 24, 00, 00, 76, 03, 0F, AF, FD, 69, FD, 3E, CD, 75, 7A, 89, CD, C7, C1, E9, D6, 3B, E9, F3, F3, BD, 2D, F9, 73, 2B, 80, C1, E2, 69, EA, F5, 43, AD, 15, E8, 19, 00, 00, 00, FF, C2, 8D, 1D, 6C, 6C, 14, C3, 89, FA, 2B, DF, 87, FF, C7, C3, 0A, 3C, 86, 69, 84, D8, F3, 3B, F6, 58, 69, F8, 21, 45, 66, 64, 84, E9, 8B, ED, F2, 19, C5, B2, 34, B2, 60, 80, E2, 3E, F6, C3, B0, 3A, D1, 0F, BF, DA, 81, F1, E6, 8E, 00, 00, 4D, 84, F0, FE, C1, F6, C2, 23, 8A, CB, 0F, AF, EA, 09, D1, 87, CA, 38, F5, 0F, B6, CE... 
[+]

Entropy:

7.9209 (probably packed)

Code size:

36.5 KB (37,376 bytes)

The file typingmaster10installer.exe has been seen being distributed by the following URL.

http://download.typingmaster10.com/TypingMaster10Installer.exe

Remove typingmaster10installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.