home

Rainnd Inc

Publisher Information

Rainnd Inc is a software publisher located in New York, United States*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs. There is one additional code signing certificate issued to this publisher.
Authority:
Starfield Technologies, Inc.

Valid from:
9/23/2015 1:29:38 AM

Valid to:
9/23/2016 1:29:38 AM

Subject:
CN=Rainnd Inc, O=Rainnd Inc, L=New York, S=New York, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
3c54cbc590da5afc

Scanner detections:
Detections  (79% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP, Threat.Win.Reputation (M)
60.47%

avast!
Win32:Adware-BGO [PUP], Win32:Adware-gen [Adw], Win32:Seimon-B [Drp], Win32:Evo-gen [Susp]
39.53%

AVG
Luhe.Fiha.A, Generic5, Generic6
39.53%

ESET NOD32
Win32/Adware.CloverPlus.AD (variant), Win32/Adware.CloverPlus.AB (variant)
34.88%

Dr.Web
Trojan.DownLoader11.63976, DLOADER.Trojan, Trojan.DownLoader17.242, Trojan.Click3.15388, BackDoor.Siggen.58321, Trojan.DownLoader11.37976, Trojan.DownLoader22.10597
34.88%

Avira AntiVirus
TR/Agent.bta, ADWARE/CloverPlus.239712, ADWARE/CloverPlus.120928, ADWARE/CloverPlus.288864.1, ADWARE/CloverPlus.100448, ADWARE/CloverPlus.120928.1
32.56%

AhnLab V3 Security
PUP/Win32.CloverPlus, PUP/Win32.WinKeyword
32.56%

IKARUS anti.virus
PUA.CloverPlus, Trojan-Downloader.Win32.Seimon
27.91%

Qihoo 360 Security
Win32/Trojan.0e5, Win32/Trojan.IM.e09, HEUR/QVM07.1.Malware.Gen, Win32/Virus.Adware.0f0, HEUR/QVM41.2.Malware.Gen
25.58%

K7 AntiVirus
Adware
23.26%

0 / 68
SkinFactoryInstall.EXE  (15754e0d54a87cd2d14550fa98feddd0)

1 / 68      (Malware)
poten2.exe  (790d3c191b05666c549df5c5b0e641a5)

1 / 68      (Malware)
poten3.exe  (16ef7b39d29714443338d1c7a5558701)

1 / 68      (inconclusive)
mbtipv32.exe  (d77d0f4dac2a1ef85308975dd07d7404)

0 / 68
mbtipv32.exe  (1370dab18940435ab27e5d5a3838f276)

2 / 68      (inconclusive)
mbtipv32.exe  (eb68bfd62e1f034a5c7fbb3e72c032a2)

1 / 68      (Malware)
poten1.exe  (73986e1183f4a02619204c8c9ec941e8)

1 / 68      (Malware)
~tmp_file_007.exe  (4bade9752dd2d023b9da85dd09bbe8ec)

1 / 68      (Malware)
poten2.exe  (a53e86d187260738da42a451876a43d0)

1 / 68      (inconclusive)
mbtipv32.exe  (8c5ee5a02649de1e6e607a57bde3784f)

1 / 68      (inconclusive)
mbtipv32.exe  (cbce8a47a215f4a7958478720e8b9fdf)

1 / 68      (Malware)
kkeywork.exe  (d2b9596cab76d5b20b707a775c586a4f)

5 / 68      (PUP)
mbtiupv32.exe  (2d0e3cd27bd32132f1685597fe105230)

8 / 68      (PUP)
kkeywork.exe  (7824b7b88ec7f0e0f4cc952ec92edcaf)

0 / 68
SkinFactory.exe  (80f51542e804ef6f53e42d494d9d9406)

4 / 68      (inconclusive)
SkinFactoryInstall.EXE  (10706bad6583a6804000ceb3397a7899)

0 / 68
SkinFactory.exe  (3729d0287d0dc7b308fd6e221d1908e7)

4 / 68      (inconclusive)
SkinFactoryInstall.EXE  (dfd29d738edb2cb3f2dd4e80004d96e5)

1 / 68      (Malware)
AFlashPlugin_uninstaller.EXE  (ee8bb2884c5163d0068e70aa162a2ac0)

1 / 68      (Malware)
sfi_1.exe  (70583cbefe6bab5fdee43bd480b44dd0)

1 / 68      (Malware)
wd_id01.exe  (84f084b3b60cccd35452df6d4ba8e48f)

24 / 68    (PUP)
aflashplugin_up.exe  (022eda6e793ab5e00c644d7f946a6d20)

1 / 68      (Malware)
SkinFactoryInstall.EXE  (7483cd6a9feb0a6752446e245a57633f)

1 / 68      (Malware)
bt_ecu3.exe  (aa7c81d99f7bef6536b6906d8d3213a2)

1 / 68      (Malware)
wd_id11.exe  (ddf2a08cef6e5c0fe5e7c7d341e100d4)

1 / 68      (Malware)
SkinFactory.exe  (65e3d224ecd20979435009745ff235de)

1 / 68      (Malware)
afp.exe  (61e256f93d974557ae21cabb8819651b)

15 / 68    (PUP)
kkeywork.exe  (7a0a25dcfd677165bee326acb18a9b4f)

7 / 68      (PUP)
kkeywork.exe  (ff5031e13684bd9329d32d1c9220333c)

1 / 68      (Malware)
AFlashPlugin.EXE  (76f447543b3f3d9e3a535ce2e2ffb9af)

 
Latest 30 of 47 files

Downloads URLs for files signed by Rainnd Inc.

1 / 68      (Malware)
http://app.kkeywork.com/.../c_exe.exe  (d2b9596cab76d5b20b707a775c586a4f)

1 / 68      (Malware)
http://ad.skinfactoryapp.com/apps/.../SkinFactory.exe  (65e3d224ecd20979435009745ff235de)

8 / 68      (PUP)
http://app.kkeywork.com/.../c_exe.exe  (7824b7b88ec7f0e0f4cc952ec92edcaf)

15 / 68    (PUP)
http://app.kkeywork.com/.../c_exe.exe  (7a0a25dcfd677165bee326acb18a9b4f)

1 / 68      (Malware)
http://m.mbticons.com/files/.../mbt.exe  (e4a993db31c9911006dd152adffb1897)

The following websites host and distribute files published by Rainnd Inc.

ad.skinfactoryapp.com

app.kkeywork.com

m.mbticons.com

The following certificate is also signed by Rainnd Inc.

277FB6AB1157A64B  (Oct 20, 2016 to Sep 27, 2017)

* Note, the details and description above are based on the code signing digital signature issued to Rainnd Inc by Starfield Technologies, Inc. on September 23, 2015 with the serial number '3c54cbc590da5afc'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.