d3tndrni.exe

Verti Technology Group, Inc.

This is part of the Verti bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file d3tndrni.exe by Verti Technology Group has been detected as adware by 7 anti-malware scanners. It is typically executed from the user's temporary directory and has been seen being downloaded from i.vertitechnologygroup.com.
Publisher:
Verti Technology Group, Inc.  (signed and verified)

Version:
1.0.139.0

MD5:
d870074626667b7e370fdd6aa76e2465

SHA-1:
5eb72a3fe9c22100d72a766ec9bdb4cf98797386

SHA-256:
c4abcd9e6349baa77dd77be62f02113676c0c4ec6392189e410fda5a530c4882

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
11/23/2024 8:11:59 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:PUP-gen [PUP] | 2014.9-141210 |
| ESET NOD32 | Win32/Verti | 8.9070 |
| Malwarebytes | PUP.Optional.Verti | v2014.09.28.08 |
| Reason Heuristics | PUP.VertiTechnologyGroup.M | 14.9.28.20 |
| Trend Micro House Call | TROJ_GEN.F47V1025 | 7.2.344 |
| VIPRE Antivirus | Rocketfuel Installer | 23530 |

File size:
498 KB (509,944 bytes)

Product version:
1.0.139.0

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\d3tndrni.exe.part

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/14/2011 4:00:00 AM

Valid to:
11/14/2013 3:59:59 AM

Subject:
CN="Verti Technology Group, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Verti Technology Group, Inc.", L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E5A8F44B995DF01701554FBF18173B7

File PE Metadata
Compilation timestamp:
9/17/2013 7:06:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:LadgrQJ1Tcr7/RlN4PPT2Q/fp5gsGP71PzBoL/xsTkKFY4Ta1c6nuZdqZKoLJ:Gmrk1gr7/RlEPaQ/fp5gsGP71PzBoL/v

Entry address:
0x2F4AF

Entry point:
E8, ED, 9F, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 38, 31, 46, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 3C, 31, 46, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, E6, 10, 00, 00, 85, C0, 75, 06, B8, A0, 32, 46, 00, C3, 83, C0, 08, C3, E8, D3, 10, 00, 00, 85, C0, 75, 06, B8, A4, 32, 46, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08...
 

Entropy:
6.4524

Code size:
284 KB (290,816 bytes)

The file d3tndrni.exe has been seen being distributed by the following URL.
