reyrqmfnpd.exe

TV Time

Ratio Applications

This is part of an adware program designed to inject advertising into the web browser (banners, text links) and to modify the browser's normal behavior. It is part of the Injekt brand of unwanted programs. The application reyrqmfnpd.exe by Ratio Applications has been detected as adware by 13 anti-malware scanners. It runs as a Windows service named “reYRQmFnpD” in its own separate process. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Ratio Applications  (signed and verified)

Product:
TV Time

Description:
TVTime Service

Version:
1.0.0.0

MD5:
6f1bd3763432ffe79fcd38ee58dfe7db

SHA-1:
743f6be0445716df012562298cb1361f22ceda15

SHA-256:
2060d6a19ae9e13baede2940d452f7421e706aa33ee290f93833f0d42b9ecd57

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/16/2024 4:59:36 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADWARE/PullUpdate.Gen7 | 8.3.2.4 |
| AVG | Downloader | 2016.0.2909 |
| Baidu Antivirus | Adware.MSIL.PullUpdate | 4.0.3.15121 |
| Bkav FE | W32.HfsAdware | 1.3.0.7383 |
| Dr.Web | Adware.Yontoo.68 | 9.0.1.0335 |
| ESET NOD32 | MSIL/Adware.PullUpdate.G.gen (variant) | 9.12648 |
| IKARUS anti.virus | PUA.Downloader | t3scan.1.9.5.0 |
| Malwarebytes | PUP.Optional.TVTime | v2015.12.01.06 |
| McAfee | Artemis!6F1BD3763432 | 5600.6565 |
| Qihoo 360 Security | QVM03.0.Malware.Gen | 1.0.0.1077 |
| Quick Heal | PUA.Ratioappli.Gen | 12.15.14.00 |
| Reason Heuristics | PUP.Injekt.RatioApplications (M) | 15.12.1.6 |
| Sophos | Pull Update (PUA) | 4.98 |

File size:
2.9 MB (3,000,288 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Ratio Applications 2015

Original file name:
TVTimeService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\fyljft\reyrqmfnpd.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/9/2015 7:00:00 PM

Valid to:
5/11/2016 7:59:59 PM

Subject:
CN=Ratio Applications, O=Ratio Applications, L=St. James, S=St. James, C=BB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
2C6864FA270A42D59AC5ABB22BC46227

File PE Metadata
Compilation timestamp:
11/29/2015 11:13:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:qhcXs69YkQDO8y5lfmosExgI6SbX+DV51PfxMFR4gSrk3TIWbXPLW:qmXFyZM+s6qXOVecOby

Entry address:
0x2DC40E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.9996

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.9 MB (2,991,616 bytes)

Service
Display name:
reYRQmFnpD

Type:
Win32OwnProcess

Depends on:
Winmgmt CryptSvc

