{"id":3411,"date":"2014-12-04T08:20:04","date_gmt":"2014-12-04T08:20:04","guid":{"rendered":"http:\/\/www.freefixer.com\/b\/?p=3411"},"modified":"2018-05-29T12:01:16","modified_gmt":"2018-05-29T12:01:16","slug":"tal%d1%96-grup-llc-20-detection-rate-tali-is-detected-as-amonetize-and-strictor","status":"publish","type":"post","link":"https:\/\/www.freefixer.com\/b\/tal%d1%96-grup-llc-20-detection-rate-tali-is-detected-as-amonetize-and-strictor\/","title":{"rendered":"TAL\u0406 GRUP LLC &#8211; 20% Detection Rate &#8211; TALI is detected as Amonetize and Strictor"},"content":{"rendered":"<p>Welcome! If you&#8217;ve been following my recent posts here on the FreeFixer blog, you know that I&#8217;ve been looking at files that have a valid digital signature and bundle various types of potentially unwanted programs. A few days ago I found another publisher named <strong>TALI GRUP LLC<\/strong>.<\/p>\n<p>This is how TALI GRUP LLC appears when running the file:<\/p>\n<p><a href=\"http:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/12\/TALI-GRUP-LLC-publisher.png\"><img loading=\"lazy\" class=\"alignnone wp-image-3415 size-full\" src=\"http:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/12\/TALI-GRUP-LLC-publisher.png\" alt=\"TALI GRUP LLC publisher in the UAC dialog\" width=\"491\" height=\"291\" srcset=\"https:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/12\/TALI-GRUP-LLC-publisher.png 491w, https:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/12\/TALI-GRUP-LLC-publisher-300x177.png 300w\" sizes=\"(max-width: 491px) 100vw, 491px\" \/><\/a><\/p>\n<p>You can also look at the TALI GRUP LLC certificate and digital signature by looking under the Digital Signatures tab on the file&#8217;s properties. According to the certificate,\u00a0TAL\u0406\u00a0GRUP LLC is located in Ukraine in the city of Kiev. 
The certificate is brand new.<\/p>\n<p><a href=\"http:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/12\/TALI-Grup-LLC-cert.png\"><img loading=\"lazy\" class=\"alignnone wp-image-3414 size-full\" src=\"http:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/12\/TALI-Grup-LLC-cert.png\" alt=\"TALI Grup LLC cert in Explorer\" width=\"515\" height=\"447\" srcset=\"https:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/12\/TALI-Grup-LLC-cert.png 515w, https:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/12\/TALI-Grup-LLC-cert-300x260.png 300w\" sizes=\"(max-width: 515px) 100vw, 515px\" \/><\/a><\/p>\n<p>The problem is that FlashPlayer__6741_i1416407838_il113.exe is not an official Flash Player download. If it were, it would be digitally signed by <strong>Adobe Systems Incorporated<\/strong>.<\/p>\n<p>So, why am I writing about the\u00a0TAL\u0406\u00a0GRUP LLC file? Check out what the antimalware programs report about the file:<\/p>\n<p>AhnLab-V3 detects FlashPlayer__6741_i1416407838_il113.exe as <strong>PUP\/Win32.Amonetiz<\/strong>, BitDefender detects it as <strong>Gen:Variant.Adware.Strictor.68509<\/strong> and Malwarebytes classifies it as <strong>PUP.Optional.Amonetize<\/strong>. These are a few of the detection names for FlashPlayer__6741_i1416407838_il113.exe.<\/p>\n<p><a href=\"http:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/12\/TALI-GROUP-LLC-virustotal.png\"><img loading=\"lazy\" class=\"alignnone wp-image-3413 size-full\" src=\"http:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/12\/TALI-GROUP-LLC-virustotal.png\" alt=\"TALI GROUP LLC virustotal - Strictor, Amonetiz and Amontize\" width=\"671\" height=\"451\" srcset=\"https:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/12\/TALI-GROUP-LLC-virustotal.png 671w, https:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/12\/TALI-GROUP-LLC-virustotal-300x201.png 300w\" sizes=\"(max-width: 671px) 100vw, 671px\" \/><\/a><\/p>\n<p>To see in more detail what changes 
the\u00a0TAL\u0406\u00a0GRUP LLC file would make on a user&#8217;s computer, I decided to run the file on my lab machine. The installer bundled some additional software such as Wajam, VuuPC, <a title=\"Salus Adware \u2013 \u201cAds by Salus\u201d Removal Instructions\" href=\"http:\/\/www.freefixer.com\/b\/remove-salus-adware\/\">Salus<\/a> and My Start Search. Here&#8217;s a screenshot from the installer:<\/p>\n<p><a href=\"http:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/12\/TALI-GROUP-LCC-installer.png\"><img loading=\"lazy\" class=\"alignnone wp-image-3412 size-full\" src=\"http:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/12\/TALI-GROUP-LCC-installer.png\" alt=\"TALI GROUP LCC installer disclosure\" width=\"684\" height=\"476\" srcset=\"https:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/12\/TALI-GROUP-LCC-installer.png 684w, https:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/12\/TALI-GROUP-LCC-installer-300x208.png 300w\" sizes=\"(max-width: 684px) 100vw, 684px\" \/><\/a><\/p>\n<p>Did you also find a file signed by\u00a0TAL\u0406\u00a0GRUP LLC? What kind of download was it and where did you find it?<\/p>\n<p>Thank you for reading.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome! If you&#8217;ve been following my recent posts here on the FreeFixer blog, you know that I&#8217;ve been looking at files that have a valid digital signature and bundle various types of potentially unwanted programs. A few days ago I found another publisher named TALI GRUP LLC. 
This is how TALI GRUP LLC appears when &hellip; <a href=\"https:\/\/www.freefixer.com\/b\/tal%d1%96-grup-llc-20-detection-rate-tali-is-detected-as-amonetize-and-strictor\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">TAL\u0406 GRUP LLC &#8211; 20% Detection Rate &#8211; TALI is detected as Amonetize and Strictor<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3,54],"tags":[126,304,306,305],"_links":{"self":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/3411"}],"collection":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/comments?post=3411"}],"version-history":[{"count":1,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/3411\/revisions"}],"predecessor-version":[{"id":3416,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/3411\/revisions\/3416"}],"wp:attachment":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/media?parent=3411"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/categories?post=3411"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/tags?post=3411"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}