d3tndrni.exe

Verti Technology Group, Inc.

This is part of the Verti bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file d3tndrni.exe by Verti Technology Group has been detected as adware by 7 anti-malware scanners. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from i.vertitechnologygroup.com.
Publisher:
Verti Technology Group, Inc.  (signed and verified)

Version:
1.0.139.0

MD5:
d870074626667b7e370fdd6aa76e2465

SHA-1:
5eb72a3fe9c22100d72a766ec9bdb4cf98797386

SHA-256:
c4abcd9e6349baa77dd77be62f02113676c0c4ec6392189e410fda5a530c4882

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
12/24/2024 11:32:07 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:PUP-gen [PUP]
2014.9-141210

ESET NOD32
Win32/Verti
8.9070

Malwarebytes
PUP.Optional.Verti
v2014.09.28.08

Reason Heuristics
PUP.VertiTechnologyGroup.M
14.9.28.20

Trend Micro House Call
TROJ_GEN.F47V1025
7.2.344

VIPRE Antivirus
Rocketfuel Installer
23530

File size:
498 KB (509,944 bytes)

Product version:
1.0.139.0

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\d3tndrni.exe.part

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/14/2011 4:00:00 AM

Valid to:
11/14/2013 3:59:59 AM

Subject:
CN="Verti Technology Group, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Verti Technology Group, Inc.", L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E5A8F44B995DF01701554FBF18173B7

File PE Metadata
Compilation timestamp:
9/17/2013 7:06:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:LadgrQJ1Tcr7/RlN4PPT2Q/fp5gsGP71PzBoL/xsTkKFY4Ta1c6nuZdqZKoLJ:Gmrk1gr7/RlEPaQ/fp5gsGP71PzBoL/v

Entry address:
0x2F4AF

Entry point:
E8, ED, 9F, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 38, 31, 46, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 3C, 31, 46, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, E6, 10, 00, 00, 85, C0, 75, 06, B8, A0, 32, 46, 00, C3, 83, C0, 08, C3, E8, D3, 10, 00, 00, 85, C0, 75, 06, B8, A4, 32, 46, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08...
 
[+]

Entropy:
6.4524

Code size:
284 KB (290,816 bytes)

The file d3tndrni.exe has been seen being distributed by the following URL.

Remove d3tndrni.exe - Powered by Reason Core Security