rencontreshard.exe

Rencontres Hard

Rentabiliweb Belgique

The executable rencontreshard.exe, “Rencontres Hard Notifier”, has been detected as malware by 1 anti-virus scanner. This file is typically installed with the program Rencontres Hard by Rentabiliweb. While running, it connects to the Internet address media.yesmessenger.com on port 80 using the HTTP protocol.
Publisher:
Rentabiliweb  (signed by Rentabiliweb Belgique)

Product:
Rencontres Hard

Description:
Rencontres Hard Notifier

Version:
4,0,48,12

MD5:
89b002a9919355fbe5443eb831641fa2

SHA-1:
90ed6797ab20711648d5014213f474056acc9676

SHA-256:
0c66788ffc5a9422bfb75ce387dc2bd5accdaa760771b850f993743e639c0753

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/24/2024 11:31:49 AM UTC

Scan engine:
Reason Heuristics

Detection:
Optional.Rentabiliweb.Messanger.Meta (L)

Engine version:
16.5.2.15

File size:
17 MB (17,871,408 bytes)

Product version:
4,0,48,12

Copyright:
Rentabiliweb Copyright © 2010

Original file name:
rencontreshard.exe

File type:
Executable application (Win32 EXE)

Language:
French

Common path:
C:\Program Files\rencontreshard\rencontreshard.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/29/2014 2:00:00 AM

Valid to:
11/28/2016 12:59:59 AM

Subject:
CN=Rentabiliweb Belgique, O=Rentabiliweb Belgique, L=Bruxelles, S=Saint-Gilles, C=BE

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
51836B793C9006E894EEF076C21FFF8A

File PE Metadata
Compilation timestamp:
4/28/2016 10:40:53 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
393216:Xkb3V3YhjQ5qsPngJUI4DxaRgXXdJsv6tWKFdu9C3yp:XkSqgKI4DIu9yp

Entry address:
0x8B4297

Entry point:
E8, 6B, D2, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 05, 43, CB, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 9B, 71, 1E, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D...
 

Code size:
11.7 MB (12,301,312 bytes)

The file rencontreshard.exe has been discovered within the following program.

Rencontres Hard  by Rentabiliweb
www.carpediem.fr
About 3% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to wzms2.2town.net  (91.226.182.102:1936)

TCP (HTTP):
Connects to vip1.carpediem.fr  (91.226.182.241:80)

TCP (HTTP):
Connects to media.thumbs-share.com  (91.226.182.224:80)

TCP (HTTP):
Connects to media.yesmessenger.com  (91.226.182.222:80)
