TALІ GRUP LLC – 20% Detection Rate – TALI is detected as Amonetize and Strictor

Welcome! If you’ve been following my recent posts here on the FreeFixer blog, you know that I’ve been looking at files that have a valid digital signature and bundle various types of potentially unwanted programs. A few days ago I found another publisher named TALI GRUP LLC.

This is how TALI GRUP LLC appears when running the file:

TALI GRUP LLC publisher in the UAC dialog

You can also view the TALI GRUP LLC certificate and digital signature under the Digital Signatures tab in the file’s properties. According to the certificate, TALІ GRUP LLC is located in Ukraine in the city of Kiev. The certificate is brand new.

TALI Grup LLC cert in Explorer

The problem is that FlashPlayer__6741_i1416407838_il113.exe is not an official Flash Player download. If it were, it would be digitally signed by Adobe Systems Incorporated.
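The same check can be scripted. The PowerShell below is an added example, not code from the original post: it reads a file's Authenticode signer with `Get-AuthenticodeSignature` and compares it with the publisher the download claims to come from. The function name, the local file path and the 90-day threshold for a "new" certificate are assumptions.

```powershell
# Added example: compare a download's Authenticode signer with the publisher
# its file name implies. Function name, path and threshold are assumptions.
function Test-ExpectedPublisher {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedPublisher,
        [int]$NewCertDays = 90   # assumed cut-off for a "brand new" certificate
    )

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate   # $null when the file is unsigned

    # Simple name (normally the CN) of the signing certificate's subject.
    $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $publisher = if ($cert) { $cert.GetNameInfo($nameType, $false) } else { $null }

    # Ordinal comparison: look-alike or differently cased names do not match.
    $matches = ($null -ne $publisher) -and
               $publisher.Equals($ExpectedPublisher, [System.StringComparison]::Ordinal)

    [pscustomobject]@{
        File             = Split-Path -Path $Path -Leaf
        SignatureStatus  = $sig.Status
        Publisher        = $publisher
        PublisherMatches = $matches
        CertValidFrom    = if ($cert) { $cert.NotBefore } else { $null }
        CertIsNew        = if ($cert) { ((Get-Date) - $cert.NotBefore).Days -lt $NewCertDays } else { $null }
    }
}

# A file named like a Flash Player installer should be signed by Adobe.
$result = Test-ExpectedPublisher -Path '.\FlashPlayer__6741_i1416407838_il113.exe' `
                                 -ExpectedPublisher 'Adobe Systems Incorporated'

# A valid signature alone is not enough: the signer must also be the expected one.
if ($result.SignatureStatus -ne 'Valid' -or -not $result.PublisherMatches) {
    Write-Warning "$($result.File): signer '$($result.Publisher)' is not the expected publisher."
}
$result
```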

So, why am I writing about the TALІ GRUP LLC file? Check out what the antimalware programs report about the file:

AhnLab-V3 detects FlashPlayer__6741_i1416407838_il113.exe as PUP/Win32.Amonetiz, BitDefender detects it as Gen:Variant.Adware.Strictor.68509, and Malwarebytes classifies it as PUP.Optional.Amonetize. These are a few of the detection names for FlashPlayer__6741_i1416407838_il113.exe.

TALI GRUP LLC VirusTotal - Strictor, Amonetiz and Amonetize

To see in more detail what changes the TALІ GRUP LLC file would make on a user’s computer, I decided to run the file on my lab machine. The installer bundled some additional software such as Wajam, VuuPC, Salus and My Start Search. Here’s a screenshot from the installer:

TALI GRUP LLC installer disclosure

Did you also find a file signed by TALІ GRUP LLC? What kind of download was it and where did you find it?

Thank you for reading.