» rtn4zurs8u.exe
Overview
Analysis
File Details
Programs (1)

rtn4zurs8u.exe

Softacular

The application rtn4zurs8u.exe by Softacular has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Rockettab by Rich River Media, LLC which is a potentially unwanted software program.

File name:

rtn4zurs8u.exe

Publisher:

Softacular (signed and verified)

Version:

1.0.5406.12765

MD5:

29872f6ad1e8cda720f740db74fbb780

SHA-1:

4bea5391a77b6bd729f2ab54118315c72f575567

SHA-256:

88f3aba19018a377ffe504cd5183046275bbb687be8c2f8fa36ca34ad1246fd2

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/28/2024 6:49:13 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Softacul (M)

16.6.25.2

File size:

3.7 MB (3,886,816 bytes)

Product version:

1.0.5406.12765

Original file name:

Installer.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\rtn4zurs8u.exe

Digital Signature

Signed by:

Softacular

Authority:

COMODO CA Limited

Valid from:

3/24/2014 8:00:00 AM

Valid to:

3/25/2015 7:59:59 AM

Subject:

CN=Softacular, O=Softacular, STREET="4600 Madison Ave, 10th FL", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

753A79B32D5A96BF1872FDE1AC60DEEA

File PE Metadata

Compilation timestamp:

10/20/2014 4:05:53 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

49152:FvS1UaAzITJPwLJVg5nQxwuJgri3hoia+vFI6Wdb+qQMcrF2i2Y4Y9o:F8NoLPAGFKiaTvpbNcrolfYG

Entry address:

0x3AAD13

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.3695

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

3.7 MB (3,837,440 bytes)

The file rtn4zurs8u.exe has been discovered within the following program.

Rockettab by Rich River Media, LLC

RocketTab is an adware program that injects advertising in the user's web browser by creating a local proxy server and routing all Internet traffic through that proxy. By re-routing traffic the service will be able to include various ads in the HTML of the displaying web page.

rockettab.com

88% remove it

Remove rtn4zurs8u.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.