Welcome! If you’ve been following my recent posts here on the FreeFixer blog, you know that I’ve been looking at files that have a valid digital signature and bundle various types of potentially unwanted programs. A few days ago I found another publisher named TALI GRUP LLC.

This is how TALI GRUP LLC appears when running the file:

You can also look at the TALI GRUP LLC certificate and digital signature by looking under the Digital Signatures tab on the file’s properties. According to the certificate, TALІ GRUP LLC is located in Ukraine in the city of Kiev. The certificate is brand new.

The problem is that FlashPlayer__6741_i1416407838_il113.exe is not an official Flash Player download. If it was, it should be digitally signed by Adobe Systems Incorporated.

So, why am I writing about the TALІ GRUP LLC file? Check out what the antimalware programs report about the file:

AhnLab-V3 detects FlashPlayer__6741_i1416407838_il113.exe as PUP/Win32.Amonetiz, BitDefender detects it as Gen:Variant.Adware.Strictor.68509 and Malwarebytes classifies it as PUP.Optional.Amonetize are a few of the detection names for FlashPlayer__6741_i1416407838_il113.exe.

To see more in details what changes the TALІ GRUP LLC file would do on a user’s computer I decided to run the file on my lab machine. The installer bundled some additional software such as Wajam, VuuPC, Salus and My Start Search. Here’s a screenshot from the installer:

Did you also find a file signed by TALІ GRUP LLC? What kind of download was it and where did you find it?

Thank you for reading.