home

tinymediaplayer_rocketfuelinstaller.exe

Verti Technology Group, Inc.

This is the Verti bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application tinymediaplayer_rocketfuelinstaller.exe by Verti Technology Group has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. The file has been seen being downloaded from i.vertitechnologygroup.com.
Publisher:
Verti Technology Group, Inc.  (signed and verified)

Version:
1.0.114.1

MD5:
f7e7390ee3782eb7caf5f936c25a0fa2

SHA-1:
f3375190db0981f94f9fcb0ff7cc0779972eaa0c

SHA-256:
b0f9556a60fc4c32eaa367d61b088bbf15ae9747c5669ce4aa7d7610c8f36ef8

Scanner detections:
2 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/24/2024 6:02:49 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.VertiTechnologyGroup.d
14.7.30.10

Trend Micro House Call
HV_ZYX_BL13297C.TOMC
7.2.253

File size:
443.5 KB (454,152 bytes)

Product version:
1.0.114.1

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\tinymediaplayer_rocketfuelinstaller.exe

Digital Signature
Signed by:
Verti Technology Group, Inc.

Authority:
VeriSign, Inc.

Valid from:
11/13/2011 7:00:00 PM

Valid to:
11/13/2013 6:59:59 PM

Subject:
CN="Verti Technology Group, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Verti Technology Group, Inc.", L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E5A8F44B995DF01701554FBF18173B7

File PE Metadata
Compilation timestamp:
11/30/2012 5:52:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:O1rzrmYSuO+f0tIJCH74CMEFs+XZHTj8OGr+ep2cvJZeaSkBI6nuZg7Jz:ORrmXxOVQ74CMEFs+XZHTj8OGr+ep2e1

Entry address:
0x23238

Entry point:
E8, E8, 90, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, A8, 90, 44, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, AC, 90, 44, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, E6, 10, 00, 00, 85, C0, 75, 06, B8, 10, 92, 44, 00, C3, 83, C0, 08, C3, E8, D3, 10, 00, 00, 85, C0, 75, 06, B8, 14, 92, 44, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08...
 
[+]

Entropy:
6.8810

Code size:
206 KB (210,944 bytes)

The file tinymediaplayer_rocketfuelinstaller.exe has been seen being distributed by the following URL.

http://i.vertitechnologygroup.com/stub/.../TinyMediaPlayer_RocketFuelInstaller.exe

Remove tinymediaplayer_rocketfuelinstaller.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.