RaclSvc.exe

RaclSvc Module

Massinfo Inc.

The application RaclSvc.exe by Massinfo has been detected as a potentially unwanted program by 26 anti-malware scanners. It is set to execute automatically when any user logs into Windows (through the local user run registry setting, under the name ‘Racl’). It plugs into the web browser and collects information about the user's browsing activities (such as visited URLs) in order to display targeted popup advertisements.
Publisher:
Massinfo Inc.  (signed and verified)

Product:
RaclSvc Module

Version:
1, 0, 0, 1

MD5:
9cb91cac7c9cc806deb7e5c882d4588c

SHA-1:
b4a48aca57f5eb7370f94bb3fd0f6efefa2d8859

SHA-256:
d816359a40a43048a99a51e7a9a88f8dec8b391b963e389d703b221cfd72669f

Scanner detections:
26 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 2:46:18 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Generic.532921 | 694 |
| Agnitum Outpost | Adware.Kraddare | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Speller | 15.03.13 |
| Avira AntiVirus | Adware/RightClick.A | 7.11.88.110 |
| avast! | Win32:Adware-APT [PUP] | 2014.9-150127 |
| AVG | Generic5 | 2016.0.3216 |
| Baidu Antivirus | AdWare.Win32.Kraddare | 4.0.3.15313 |
| Bitdefender | Application.Generic.532921 | 1.0.20.360 |
| Bkav FE | W32.Clodcf6.Trojan | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 16536 |
| ESET NOD32 | Win32/Adware.Kraddare.FJ (variant) | 9.8518 |
| Fortinet FortiGate | Riskware/Kraddare | 3/13/2015 |
| G Data | Application.Generic.532921 | 15.3.24 |
| K7 AntiVirus | Trojan | 13.170.8947 |
| Malwarebytes | Adware.KorAd | v2015.01.27.04 |
| MicroWorld eScan | Application.Generic.532921 | 16.0.0.216 |
| NANO AntiVirus | Trojan.Win32.Kraddare.ybvvl | 0.24.0.53304 |
| Quick Heal | Adware.Adpopup (Not a Virus) | 3.15.14.00 |
| Reason Heuristics | PUP.Startup.Massinfo | 15.1.27.16 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1347805B!323453019 | 23.00.65.15311 |
| Sophos | Generic PUA LE | 4.90 |
| SUPERAntiSpyware | Adware.KorAd | 10001 |
| Trend Micro House Call | ADW_KRADDARE | 7.2.27 |
| Trend Micro | ADW_KRADDARE | 10.465.27 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 19250 |
| XVirus List | Win32.Detected | 2.7.23 |

File size:
277.5 KB (284,208 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2012

Original file name:
RaclSvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\racl\raclsvc.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/22/2011 7:00:00 PM

Valid to:
12/22/2012 6:59:59 PM

Subject:
CN=Massinfo Inc., OU=SE Team, O=Massinfo Inc., L=Guro-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0C6668612EFA1FB7A731C63C1A13ADA2

File PE Metadata
Compilation timestamp:
3/26/2012 12:46:17 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:wvH8qgS5Rn9C4HFTSi/hPmLLrmzjFDoETf2oyCvYt:wBR9/hOL4jFDoweoLYt

Entry address:
0x1E361

Entry point:
E8, 22, 41, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 97, 08, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 8B, 08, 40, 40, 66, 85, C9, 75, F6, 2B, 45, 08, D1, F8, 48, 5D, C3, 3B, 0D, 00, A9, 43, 00, 75, 02, F3, C3, E9, 7F, 41, 00, 00, 8B, FF, 55, 8B, EC, 51, 8B, 4D, 08, 53, 56, 57, 33, FF, 89, 7D, FC, 3B, CF, 0F, 84, 81, 00, 00, 00, 8B, 55, 0C, 3B, D7, 75, 07, 39, 7D, 10, 75, 75, EB, 05, 39, 7D, 10, 74, 6E, 39, 7D, 14, 75, 07, 39, 7D, 18, 75, 64, EB, 05, 39, 7D, 18, 74, 5D, 39, 7D, 1C, 75, 07...
 

Entropy:
6.4049

Code size:
192.5 KB (197,120 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Racl

Command:
C:\Program Files\racl\raclsvc.exe

