rtcsetup_ff.exe

Internet Trend Technology S.A

The application rtcsetup_ff.exe by Internet Trend Technology S.A has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is part of RelevantKnowledge, a program that is typically installed via a software bundle (with the user's knowledge, should they read the EULA) and runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
Internet Trend Technology S.A  (signed and verified)

MD5:
cb1ca4329943962536ad1f2d4907c9e1

SHA-1:
c527b5f61d78d2aeec7baffae224ab85188e7f32

SHA-256:
96265e5111b09d9ab96de3305935c6b039b7391ec35f84cd67fac132f66f7bc8

Scanner detections:
21 / 68

Status:
Adware

Analysis date:
4/24/2024 1:14:57 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.14.134 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-150305 |
| AVG | RelevantKnowledge | 2016.0.3179 |
| Bitdefender | MemScan:Adware.Relevant.BA | 1.0.20.320 |
| Comodo Security | Heur.Suspicious | 10033 |
| Dr.Web | Adware.Zugo.49 | 9.0.1.064 |
| Emsisoft Anti-Malware | Riskware.AdWare.Win32.Relevant!IK | 8.15.03.05.06 |
| ESET NOD32 | Win32/Adware.CXFGDII (variant) | 9.6445 |
| Fortinet FortiGate | Misc/Oss | 3/5/2015 |
| F-Prot | W32/AdSpy.A | v6.4.6.2.117 |
| F-Secure | MemScan:Adware.Relevant.BA | 11.2015-05-03_5 |
| G Data | MemScan:Adware.Relevant.BA | 15.3.22 |
| IKARUS anti.virus | not-a-virus:AdWare.Win32.Relevant | t3scan.1.1.107.0 |
| K7 AntiVirus | Adware | 13.112.5100 |
| Kaspersky | not-a-virus:WebToolbar.Win32.RK | 14.0.0.2391 |
| Panda Antivirus | Suspicious file | 15.03.05.06 |
| Reason Heuristics | PUP.Installer.InternetTrendTechnologySA | 15.3.5.18 |
| Rising Antivirus | Trojan.Win32.Generic.126F7D1F | 23.00.65.15303 |
| Sophos | RKnowledge Installer | 4.69 |
| Vba32 AntiVirus | Adware.Yontoo.a | 3.12.16.4 |
| VIPRE Antivirus | Yontoo | 10405 |

File size:
3.2 MB (3,304,952 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\rtcsetup_ff.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/5/2011 8:00:00 PM

Valid to:
5/5/2012 7:59:59 PM

Subject:
CN=Internet Trend Technology S.A, O=Internet Trend Technology S.A, L=Panama City, S=Panama city, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0A3BF08C2B589E51F093CF8D5375B480

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:jSb5kusdoqEOTmWk6dk8CEaP15btmHvES:jOkusd/XkKC/RmH

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9972

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
