mediaplayerclassic_rocketfuelinstaller.exe

Verti Technology Group, Inc.

This is the Verti bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application mediaplayerclassic_rocketfuelinstaller.exe by Verti Technology Group has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. The file has been observed being downloaded from inst.get-soft.com and multiple other hosts.
Publisher:
Verti Technology Group, Inc.  (signed and verified)

Version:
1.0.0.18

MD5:
fe6e47a245f630fb395a822758465325

SHA-1:
b2decee807c5d13e521dee1896d6d501e6c230d0

SHA-256:
96799cd048c8c1022dc1f83b173b1c9967f46f83cb667a1a2a9d7ac145dcfac2

Scanner detections:
9 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/4/2024 11:33:50 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Adware-BGF [PUP] | 2014.9-141029 |
| AVG | Generic | 2015.0.3306 |
| Baidu Antivirus | PUA.Win32.Verti | 4.0.3.141029 |
| Dr.Web | Adware.Downware.8721 | 9.0.1.0302 |
| ESET NOD32 | Win32/Verti (variant) | 8.10640 |
| Kaspersky | not-a-virus:AdWare.NSIS.Rocketfuel | 14.0.0.3026 |
| Malwarebytes | PUP.Optional.Rocketfuel | v2014.10.29.08 |
| Reason Heuristics | PUP.VertiTechnologyGroup.g | 14.10.29.20 |
| VIPRE Antivirus | Rocketfuel Installer | 34348 |

File size:
371.6 KB (380,488 bytes)

Product version:
1.0.0.18

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mediaplayerclassic_rocketfuelinstaller.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/14/2013 1:00:00 AM

Valid to:
12/15/2015 12:59:59 AM

Subject:
CN="Verti Technology Group, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Verti Technology Group, Inc.", L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2F53536EA4011E81FBFFD28C4B0BEB6F

File PE Metadata
Compilation timestamp:
12/5/2009 11:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:VSlBaLLfWZ5ZihOFwbmZipqW+5m+e1N0jie6jX2LRVMffXHJW:vLfW7EIFwUfs0VuXq4fXHJW

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file mediaplayerclassic_rocketfuelinstaller.exe has been seen being distributed by the following 3 URLs.
