autotexttypersetup.exe

Auto Text Typer

Rong Liying

The application autotexttypersetup.exe, “Auto Text Typer Setup” by Rong Liying, has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from freedownloadsapps.com.
Publisher:
AMAC ltd.   (signed by Rong Liying)

Product:
Auto Text Typer

Description:
Auto Text Typer Setup

MD5:
8b90aea64d1ab5632beee7dc1e9eb637

SHA-1:
d4ee9822004ef577a2c056e6b480eb35248ff276

SHA-256:
4d2e5e566fb71c514ca3fcca7e165016594ec7162ad0939c3c1b3cb81437af11

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
5/1/2024 10:28:53 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.InstallCore.CSH (L) | 16.12.12.19
Rising Antivirus | Spyware.KL.Delf!1.6558 (classic) | 23.00.65.16903

File size:
652.4 KB (668,016 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\autotexttypersetup.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
4/10/2015 9:54:50 PM

Valid to:
4/10/2017 11:55:21 PM

Subject:
E=afihaha@gmail.com, CN=Rong Liying, L=Zhuhai, S=Guangdong, C=CN

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
1130471BCC3B4E

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:SQiG1wPimyY45VSnh5Z/iw7nkSZAv6ILS3zm3o21PZtECOxWY+iFfqON:SQiAwPb4mn/hiHiH3zm1LtdEJ+uqq

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9684

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file autotexttypersetup.exe has been seen being distributed by the following URL.

http://freedownloadsapps.com/download_now.asp?d_fname=Auto-Text-Typer&fno=188353
