typingtrainer.exe

TypingTrainer

Typing Master Finland Oy

The application typingtrainer.exe by Typing Master Finland Oy has been detected as a potentially unwanted program by 16 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, as well as other PUPs. The file has been seen being downloaded from inst.avg.com.
Publisher:
Typing Innovation Group Ltd (signed by Typing Master Finland Oy)

Product:
TypingTrainer

Description:
Typing Trainer

Version:
1,19,0,3503

MD5:
6a59f22c15e3a6c2322203ccf0546562

SHA-1:
65e32afdf0439285e394f596b893a63445bcdd4b

SHA-256:
09ada2305b0186861311c1bc7d3cd1f46b048241795b16f22bc67366bf51d020

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/26/2024 1:22:31 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.OpenInstall | 7.1.1 |
| Avira AntiVirus | Adware/OpenInst.644904 | 7.11.198.150 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-151213 |
| Baidu Antivirus | Adware.Win32.Agent | 4.0.3.151213 |
| Bkav FE | W32.Cloda78.Trojan | 1.3.0.4959 |
| Dr.Web | Adware.Downware.1923 | 9.0.1.05190 |
| ESET NOD32 | Win32/OpenInstall potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/OpenInstall | 12/13/2015 |
| F-Secure | Suspicious:W32/Malware.623910e362!Online | 11.2015-13-12_1 |
| IKARUS anti.virus | Win32.AdWare | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.176.11351 |
| McAfee | Trojan.Artemis!914A124AA499 | 5600.6552 |
| Qihoo 360 Security | HEUR/QVM20.1.Malware.Gen | 1.0.0.1077 |
| Sophos | PUA 'Open Install' | 5.22 |
| Trend Micro House Call | TROJ_GEN.F47V1124 | 7.2.347 |
| Zillya! Antivirus | Adware.OutBrowse.Win32.72823 | 2.0.0.2561 |

File size:
629.8 KB (644,896 bytes)

Product version:
1,19,0,3503

Copyright:
Copyright © 2013 Typing Innovation Group Ltd

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\typingtrainer.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/21/2013 4:00:00 PM

Valid to:
1/22/2014 3:59:59 PM

Subject:
CN=Typing Master Finland Oy, O=Typing Master Finland Oy, STREET=Eerikinkatu 4 a 16, L=Helsinki, S=Helsinki, PostalCode=00100, C=FI

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1E786D842BEB5FF189007C040834FF69

File PE Metadata
Compilation timestamp:
9/11/2013 6:01:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:pPEVT/DlxGmVQhlzYBH1PBrj+qCkeHX0h1Db5lugnuz3aJk0iNOTv81RS6:p+DfPVQhlzi5leMD7ul3Ck0V0LS6

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 1C, 04, 00, 00, 53, 56, 57, BE, CC, 30, 40, 00, 8D, BD, E4, FB, FF, FF, A5, A5, A5, 6A, 7E, 66, A5, 59, 33, C0, 8D, BD, F2, FB, FF, FF, F3, AB, 66, AB, BB, 04, 01, 00, 00, 53, 8D, 85, E4, FB, FF, FF, 50, FF, 15, 5C, 30, 40, 00, 66, 83, A5, EC, FD, FF, FF, 00, 33, C0, B9, 81, 00, 00, 00, 8D, BD, EE, FD, FF, FF, F3, AB, 66, AB, 8D, 45, FE, 50, 8D, 85, EC, FD, FF, FF, 50, 8D, 85, E4, FB, FF, FF, 50, C7, 45, F8, FD, FF, FF, FF, C6, 45, FE, 00, E8, 45, 01, 00, 00, 83, C4, 0C, 84, C0, 74, 15...
 

Entropy:
6.7961

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file typingtrainer.exe has been seen being distributed by the following URL.
