rinti.exe

Polyanskaya Irina

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application rinti.exe by Polyanskaya Irina has been detected as adware by 16 anti-malware scanners. It runs as a scheduled task named DriverMgr under the Windows Task Scheduler, triggered to execute each time a user logs in.
Publisher:
Polyanskaya Irina  (signed and verified)

MD5:
4d24b921f35ce5af0354f1add054a6e2

SHA-1:
83fd14c2765f1fbdd11d61b91b8afe05db807aef

SHA-256:
7b6dd6276566519bd0bff08837d6dca86b5c17272c3e343c58f5b97de3615fae

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
12/25/2024 1:48:12 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Graftor.169175 | 694 |
| AhnLab V3 Security | Adware/Win32.Vonteera | 2014.12.12 |
| Avira AntiVirus | TR/Graftor.82512 | 7.11.203.36 |
| Bitdefender | Gen:Variant.Graftor.169175 | 1.0.20.360 |
| Comodo Security | UnclassifiedMalware | 20773 |
| Dr.Web | Adware.Volaro.1 | 9.0.1.072 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.169175 | 8.15.03.13.01 |
| Fortinet FortiGate | Riskware/PUP | 3/13/2015 |
| F-Secure | Gen:Variant.Graftor.169175 | 11.2015-13-03_6 |
| G Data | Gen:Variant.Graftor.169175 | 15.3.24 |
| Malwarebytes | PUP.Optional.Downloader | v2014.12.12.01 |
| McAfee | PUP-FSI | 5600.6828 |
| MicroWorld eScan | Gen:Variant.Graftor.169175 | 16.0.0.216 |
| Norman | VMProtect.W | 11.20150313 |
| Reason Heuristics | PUP.Task.WebPick | 15.3.18.1 |
| VIPRE Antivirus | Trojan.Win32.Generic | 36806 |

File size:
80.6 KB (82,512 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\jellylam\rinti.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/24/2014 8:00:00 PM

Valid to:
8/25/2015 7:59:59 PM

Subject:
CN=Polyanskaya Irina, O=Polyanskaya Irina, STREET="Suhata Reka, Bl. 225A, Ap. 42", L=Sofia, S=Sofia, PostalCode=1517, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A4C6F876119E08B1C5FF63372D64B83F

File PE Metadata
Compilation timestamp:
12/9/2014 6:00:46 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:Wl3jPCh/EHTGitblkqxswiMwQuehkM7y3pQOB6OWa+Khd4:925t3swJvXd7y3pQHx

Entry address:
0x2F8D

Entry point:
E8, ED, 1B, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 03, 08, 00, 00, 3B, 0D, 90, 10, 41, 00, 75, 02, F3, C3, E9, 69, 1C, 00, 00, 8B, FF, 55, 8B, EC, 8B, 4D, 10, 85, C9, 74, 1B, 8B, 45, 0C, 0F, B7, D0, 8B, C2, C1, E2, 10, 57, 8B, 7D, 08, 0B, C2, D1, E9, F3, AB, 13, C9, 66, F3, AB, 5F, 8B, 45, 08, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 85, F6, 75, 04, 33, C0, EB, 64, 83, 7D, 08, 00, 75, 13, E8, 64, 22, 00, 00, 6A, 16, 5E, 89, 30, E8, 08, 22, 00, 00, 8B, C6, EB, 4B, 83, 7D, 10, 00, 74, 19...
 

Entropy:
6.4158

Code size:
45 KB (46,080 bytes)

Scheduled Task
Task name:
DriverMgr

Trigger:
Logon (Runs on logon)

