rencontreshard.exe

Rencontres Hard

Rentabiliweb Belgique

The application rencontreshard.exe by Rentabiliweb Belgique has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from download.rencontreshard.com.
Publisher:
Rentabiliweb (signed by Rentabiliweb Belgique)

Product:
Rencontres Hard

Version:
1.0.0.4

MD5:
2debe4419ce951db97240d85df4e3f5d

SHA-1:
395803161d3d1b955db375979d0edae2e4e3fb42

SHA-256:
19a0ea0a23ca8c92d9a73beda2fc40aa5d4bfc932e59657ed0efbef090209e83

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 6:22:45 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | W32/Virut.Gen | 7.11.30.172 |
| Dr.Web | Trojan.DownLoader10.14711 | 9.0.1.024 |
| F-Secure | Riskware.Application.Bundler.AA | 11.2016-24-01_1 |
| Reason Heuristics | Optional.Rentabiliweb.Messanger.Installer.Meta (L) | 16.1.24.2 |
| Trend Micro House Call | HV_ZYX_BK083B4D.TOMC | 7.2.24 |

File size:
135.1 KB (138,352 bytes)

Copyright:
Rentabiliweb

Trademarks:
Rencontres Hard is a trademark of Rentabiliweb company

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\rencontreshard.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/8/2012 2:00:00 AM

Valid to:
10/20/2014 1:59:59 AM

Subject:
CN=Rentabiliweb Belgique, OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Rentabiliweb Belgique, L=Bruxelles, S=Saint-Gilles, C=BE

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2CBF12B6DDCA81E1319702E79282058A

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:hQpQ5EP0ijnRTXJxCizhSVddPWkFEg5hwQE674HZIKNJrGZuWZL6:hQIURTXJcchSVzPdvDwQt74HJreG

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file rencontreshard.exe has been seen being distributed by the following URL.
