rt-update.exe

The application rt-update.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. The file is typically installed by a number of programs, including Rockettab by Rich River Media, LLC and “RocketTab” by Adknowledge, both of which are potentially unwanted software. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from d1vcfkttd7h7ym.cloudfront.net.
MD5:
8c55a553b9dbef325ba1667826a9521b

SHA-1:
c071a6a650eb261901c9387d44c986d51957737f

SHA-256:
f474aca026b025e6c88cecc688d0758ff7aebce5b3e73051de575f92d4ee60c8

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
5/6/2024 8:46:11 AM UTC

Scan engine              | Detection                               | Engine version
-------------------------|-----------------------------------------|---------------
AhnLab V3 Security       | (detection name not listed)             | 2015.03.20
Avira AntiVirus          | ADWARE/iBryte.Gen                       | 7.11.218.152
avast!                   | Win32:IBryte-JR [PUP]                   | 2014.9-150319
AVG                      | Potentially harmful program Downloader  | 2016.0.3165
Baidu Antivirus          | Adware.Win32.iBryte                     | 4.0.3.15319
Clam AntiVirus           | Win.Adware.Ibryte-8450                  | 0.98/20462
Fortinet FortiGate       | Adware/IBryte                           | 3/19/2015
F-Prot                   | W32/S-8778616f                          | v6.4.7.1.166
G Data                   | Win32.Adware.Ibryte.AI                  | 15.3.25
K7 AntiVirus             | Adware                                  | 13.203.15915
Kaspersky                | not-a-virus:AdWare.Win32.iBryte         | 14.0.0.2320
MicroWorld eScan         | Gen:Variant.Adware.iBryte.10            | 16.0.0.234
Qihoo 360 Security       | HEUR/QVM10.1.Malware.Gen                | 1.0.0.1015
Sophos                   | Generic PUA MA                          | 4.98
Trend Micro House Call   | TROJ_GEN.R047H06CI15                    | 7.2.78
Vba32 AntiVirus          | (detection name not listed)             | 3.12.26.4
VIPRE Antivirus          | Trojan.Win32.Generic                    | 38586
Zillya! Antivirus        | Adware.iBryte.Win32.7875                | 2.0.0.2177

File size:
6.5 MB (6,850,560 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\rt-update.exe

File PE Metadata
Compilation timestamp:
3/3/2015 12:34:07 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:+nME9Fa5E9VCAL2kNYxMeCheuh7PffpwB3SA+QcckjWfoc90:+bTa5+VckGx5udPfRoCpjWfoQ

Entry address:
0x99ED

Entry point:
E8, FB, 31, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 5C, 93, A7, 00, FF, 15, 58, 50, 42, 00, 85, C0, 75, 18, 56, E8, 2A, 16, 00, 00, 8B, F0, FF, 15, 54, 50, 42, 00, 50, E8, DA, 15, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, A8, 88, A7, 00, 89, 0D, A4, 88, A7, 00, 89, 15, A0, 88, A7, 00, 89, 1D, 9C, 88, A7, 00, 89, 35, 98, 88, A7, 00, 89, 3D, 94, 88, A7, 00, 66, 8C, 15, C0, 88, A7, 00, 66, 8C, 0D, B4, 88, A7, 00...

Entropy:
7.5104

Code size:
143.5 KB (146,944 bytes)

The file rt-update.exe has been discovered within the following programs.

“RocketTab”  by Adknowledge
RocketTab is a web browser extension that injects display advertising into the user's browser. Ads are displayed as banners and contextual text links and are injected either into white-space areas of the HTML page or over existing ads of the underlying web site.
Rockettab  by Rich River Media, LLC
RocketTab is an adware program that injects advertising into the user's web browser by creating a local proxy server and routing all Internet traffic through that proxy. By re-routing traffic, the service can insert various ads into the HTML of the displayed web page.
rockettab.com
RocketTab:  by Adknowledge, Inc.
RocketTab is an advertising-supported browser extension, also known as adware, designed to deliver ads to the user's Internet browser as banners, contextual text links and transitional ads. The injected ads are not affiliated with the underlying website on which they appear.
www.adknowledge.com

The file rt-update.exe has been seen being distributed from the following host (as stated above):

d1vcfkttd7h7ym.cloudfront.net

When executed, the file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to ec2-54-235-170-110.compute-1.amazonaws.com  (54.235.170.110:80)

TCP (HTTP):
Connects to ec2-54-221-254-214.compute-1.amazonaws.com  (54.221.254.214:80)

TCP (HTTP):
Connects to ec2-23-21-48-109.compute-1.amazonaws.com  (23.21.48.109:80)

TCP (HTTP):
Connects to server-54-230-216-95.mrs50.r.cloudfront.net  (54.230.216.95:80)

TCP (HTTP):
Connects to server-54-230-216-5.mrs50.r.cloudfront.net  (54.230.216.5:80)

TCP (HTTP):
Connects to server-52-85-133-103.iad53.r.cloudfront.net  (52.85.133.103:80)

TCP (HTTP SSL):
Connects to lga15s44-in-f20.1e100.net  (74.125.226.84:443)

TCP (HTTP):
Connects to ec2-54-83-200-155.compute-1.amazonaws.com  (54.83.200.155:80)

TCP (HTTP):
Connects to ec2-54-225-124-194.compute-1.amazonaws.com  (54.225.124.194:80)
