home

typingtrainer.exe

TypingTrainer

Typing Master Finland Oy

The application typingtrainer.exe by Typing Master Finland Oy has been detected as a potentially unwanted program by 17 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from inst.avg.com.
Publisher:
Typing Innovation Group Ltd  (signed by Typing Master Finland Oy)

Product:
TypingTrainer

Description:
Typing Trainer

Version:
1,19,0,3503

MD5:
ff489708ed4ad96047ef61e22a46a06f

SHA-1:
de59d2c14b1ee5378fa492e0598b8252a076a95c

SHA-256:
74cf96e793fcea03fb97eb856495acb3073ab3a0a8af7b34e48565d5f324141c

Scanner detections:
17 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/26/2024 3:04:28 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.OpenInstall
7.1.1

Avira AntiVirus
PUA/OpenInst.644904
8.3.2.4

avast!
Win32:Adware-gen [Adw]
2014.9-160119

Baidu Antivirus
Adware.Win32.Agent
4.0.3.16119

Bkav FE
W32.Cloda78.Trojan
1.3.0.4959

Dr.Web
Adware.Downware.1923
9.0.1.019

ESET NOD32
Win32/OpenInstall potentially unwanted (variant)
10.12739

Fortinet FortiGate
Riskware/OpenInstall
1/19/2016

F-Secure
Suspicious:W32/Malware.623910e362!Online
11.2016-19-01_3

IKARUS anti.virus
AdWare
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.212.18131

McAfee
Trojan.Artemis!914A124AA499
5600.6516

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen
1.0.0.1077

Rising Antivirus
PE:Malware.Generic(Thunder)!1.A1C4 [F]
23.00.65.16117

Sophos
Open Install (PUA)
4.98

Trend Micro House Call
TROJ_GEN.F47V1124
7.2.19

Zillya! Antivirus
Adware.OutBrowse.Win32.72823
2.0.0.2569

File size:
629.8 KB (644,904 bytes)

Product version:
1,19,0,3503

Copyright:
Copyright © 2013 Typing Innovation Group Ltd

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\typingtrainer.exe

Digital Signature
Signed by:
Typing Master Finland Oy

Authority:
COMODO CA Limited

Valid from:
1/21/2013 6:00:00 PM

Valid to:
1/22/2014 5:59:59 PM

Subject:
CN=Typing Master Finland Oy, O=Typing Master Finland Oy, STREET=Eerikinkatu 4 a 16, L=Helsinki, S=Helsinki, PostalCode=00100, C=FI

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1E786D842BEB5FF189007C040834FF69

File PE Metadata
Compilation timestamp:
9/11/2013 8:01:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:xPEVT/DlxGmVQhlzYBH1PBrj+qCkeHX0h1Db5lugnuz3aJk0iNOTv81R61:x+DfPVQhlzi5leMD7ul3Ck0V0L61

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 1C, 04, 00, 00, 53, 56, 57, BE, CC, 30, 40, 00, 8D, BD, E4, FB, FF, FF, A5, A5, A5, 6A, 7E, 66, A5, 59, 33, C0, 8D, BD, F2, FB, FF, FF, F3, AB, 66, AB, BB, 04, 01, 00, 00, 53, 8D, 85, E4, FB, FF, FF, 50, FF, 15, 5C, 30, 40, 00, 66, 83, A5, EC, FD, FF, FF, 00, 33, C0, B9, 81, 00, 00, 00, 8D, BD, EE, FD, FF, FF, F3, AB, 66, AB, 8D, 45, FE, 50, 8D, 85, EC, FD, FF, FF, 50, 8D, 85, E4, FB, FF, FF, 50, C7, 45, F8, FD, FF, FF, FF, C6, 45, FE, 00, E8, 45, 01, 00, 00, 83, C4, 0C, 84, C0, 74, 15...
 
[+]

Entropy:
6.7961

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file typingtrainer.exe has been seen being distributed by the following URL.

http://inst.avg.com/.../dl.php?pid=3126553&hash=33418daece8100065c47a7e3670281306e9a292f

Remove typingtrainer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.