pagealicious_rocketfuelinstaller.exe

Verti Technology Group, Inc.

This is the Verti bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application pagealicious_rocketfuelinstaller.exe by Verti Technology Group has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. The file has been observed being downloaded from inst.vertitechnologygroup.com and multiple other hosts.
Publisher:
Verti Technology Group, Inc.  (signed and verified)

Version:
1.0.143.0

MD5:
a3b52c3a7eb5b7ed390f5f28070a6b4e

SHA-1:
05f1a6c58cad8796d84b8e70f2f37288e8092187

SHA-256:
51d02f81dd50996161ef0c357d161df94c76885a90da15d25467ccf421fec6b3

Scanner detections:
24 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 10:53:23 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Adware.Verti | 7.1.1 |
| Avira AntiVirus | APPL/Verti.A | 7.11.216.60 |
| avast! | Win32:Adware-BGF [PUP] | 2014.9-150525 |
| AVG | Generic | 2016.0.3099 |
| Baidu Antivirus | Adware.Win32.Verti | 4.0.3.15525 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | UnclassifiedMalware | 21376 |
| Dr.Web | Adware.Downware.1714 | 9.0.1.0145 |
| ESET NOD32 | Win32/Verti.A potentially unwanted (variant) | 9.11305 |
| K7 AntiVirus | Unwanted-Program | 13.200.15235 |
| Kaspersky | not-a-virus:AdWare.Win32.Verti | 14.0.0.1989 |
| Malwarebytes | PUP.Optional.RocketFuel | v2015.05.25.05 |
| McAfee | Artemis!A3B52C3A7EB5 | 5600.6755 |
| NANO AntiVirus | Riskware.Win32.Verti.crduqj | 0.30.0.296 |
| Norman | Agent.BKBXY | 11.20150525 |
| Quick Heal | AdWare.Verti.r5 (Not a Virus) | 5.15.14.00 |
| Reason Heuristics | PUP.Verti.Bundler | 15.5.25.5 |
| Rising Antivirus | PE:Malware.Verti!6.179D | 23.00.65.15523 |
| Sophos | Verti | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047C0EKL14 | 7.2.145 |
| Trend Micro | TROJ_GEN.R047C0EKL14 | 10.465.25 |
| Vba32 AntiVirus | AdWare.Verti | 3.12.26.3 |
| VIPRE Antivirus | Rocketfuel Installer | 38344 |
| Zillya! Antivirus | Adware.Verti.Win32.2 | 2.0.0.2093 |

File size:
498.8 KB (510,744 bytes)

Product version:
1.0.143.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pagealicious_rocketfuelinstaller.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/14/2013 8:00:00 AM

Valid to:
12/15/2015 7:59:59 AM

Subject:
CN="Verti Technology Group, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Verti Technology Group, Inc.", L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2F53536EA4011E81FBFFD28C4B0BEB6F

File PE Metadata
Compilation timestamp:
11/19/2013 5:26:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:9HTsDNpXT9JdoMWSCgIdkQ/fp5gsGP71PzBoL/xsTkKFYUI4Q6nuZ9e1:NmNxT7ddWSseQ/fp5gsGP71PzBoL/xsB

Entry address:
0x3063F

Entry point:
E8, CD, 9F, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 38, 51, 46, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 3C, 51, 46, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, E6, 10, 00, 00, 85, C0, 75, 06, B8, A0, 52, 46, 00, C3, 83, C0, 08, C3, E8, D3, 10, 00, 00, 85, C0, 75, 06, B8, A4, 52, 46, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08...
 

Entropy:
6.4520

Code size:
288.5 KB (295,424 bytes)

The file pagealicious_rocketfuelinstaller.exe has been seen being distributed by the following 2 URLs.

http://inst.vertitechnologygroup.com/dl/88/5413/969/.../
