home

typingtrainer.exe

TypingTrainer

Typing Master Finland Oy

The application typingtrainer.exe by Typing Master Finland Oy has been detected as a potentially unwanted program by 16 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from inst.avg.com.
Publisher:
Typing Innovation Group Ltd  (signed by Typing Master Finland Oy)

Product:
TypingTrainer

Description:
Typing Trainer

Version:
1,19,0,3503

MD5:
babe81c3509a60f05985a03d5f63a50f

SHA-1:
c88bc0604536cb855bf3f09cc69fe918315b908b

SHA-256:
3a751fe46bdab2f6176f3e152dafa2f9db83b2fed59c4349e7137bd2c55fdd4c

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/26/2024 10:10:16 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.OpenInstall
7.1.1

Avira AntiVirus
Adware/OpenInst.644904
7.11.198.150

avast!
Win32:Adware-gen [Adw]
2014.9-160112

Baidu Antivirus
Adware.Win32.Agent
4.0.3.16112

Bkav FE
W32.Cloda78.Trojan
1.3.0.4959

Dr.Web
Adware.Downware.1923
9.0.1.012

ESET NOD32
Win32/OpenInstall (variant)
10.9656

Fortinet FortiGate
Riskware/OpenInstall
1/12/2016

F-Secure
Suspicious:W32/Malware.623910e362!Online
11.2016-12-01_3

IKARUS anti.virus
Win32.AdWare
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.176.11711

McAfee
Artemis!BABE81C3509A
5600.6522

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen
1.0.0.1077

Sophos
Open Install
4.98

Trend Micro House Call
TROJ_GEN.F47V0307
7.2.12

Zillya! Antivirus
Adware.OutBrowse.Win32.72823
2.0.0.2561

File size:
629.8 KB (644,904 bytes)

Product version:
1,19,0,3503

Copyright:
Copyright © 2013 Typing Innovation Group Ltd

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\typingtrainer.exe

Digital Signature
Signed by:
Typing Master Finland Oy

Authority:
COMODO CA Limited

Valid from:
1/21/2013 4:00:00 PM

Valid to:
1/22/2014 3:59:59 PM

Subject:
CN=Typing Master Finland Oy, O=Typing Master Finland Oy, STREET=Eerikinkatu 4 a 16, L=Helsinki, S=Helsinki, PostalCode=00100, C=FI

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1E786D842BEB5FF189007C040834FF69

File PE Metadata
Compilation timestamp:
9/11/2013 6:01:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:xPEVT/DlxGmVQhlzYBH1PBrj+qCkeHX0h1Db5lugnuz3aJk0iNOTv81R66:x+DfPVQhlzi5leMD7ul3Ck0V0L66

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 1C, 04, 00, 00, 53, 56, 57, BE, CC, 30, 40, 00, 8D, BD, E4, FB, FF, FF, A5, A5, A5, 6A, 7E, 66, A5, 59, 33, C0, 8D, BD, F2, FB, FF, FF, F3, AB, 66, AB, BB, 04, 01, 00, 00, 53, 8D, 85, E4, FB, FF, FF, 50, FF, 15, 5C, 30, 40, 00, 66, 83, A5, EC, FD, FF, FF, 00, 33, C0, B9, 81, 00, 00, 00, 8D, BD, EE, FD, FF, FF, F3, AB, 66, AB, 8D, 45, FE, 50, 8D, 85, EC, FD, FF, FF, 50, 8D, 85, E4, FB, FF, FF, 50, C7, 45, F8, FD, FF, FF, FF, C6, 45, FE, 00, E8, 45, 01, 00, 00, 83, C4, 0C, 84, C0, 74, 15...
 
[+]

Entropy:
6.7961

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file typingtrainer.exe has been seen being distributed by the following URL.

http://inst.avg.com/.../dl.php?pid=3126553&hash=33418daece8100065c47a7e3670281306e9a292f

Remove typingtrainer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.