Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

3.5.1307.82 5.00%
3.5.1307.76 5.00%
3.5.1304.29 10.00%
3.5.1208.41 5.00%
3.5.1208.36 5.00%
3.5.1208.34 5.00%
3.5.1208.24 10.00%
3.5.1207.40 10.00%
3.5.1205.17 10.00%
3.5.1205.15 5.00%
3.5.1201.94 15.00%
3.5.1108.73 5.00%
3.5.1108.70 5.00%
3.5.1108.50 5.00%

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
CryptGenRandom, RegCloseKey, OpenServiceA, OpenSCManagerA, RegQueryValueExA, RegOpenKeyA, DeleteService, RegSetValueExA, CreateServiceA, RegDeleteValueW, StartServiceW, QueryServiceStatusEx, CryptEncrypt, CryptAcquireContextW, CryptGenKey, CryptReleaseContext, CryptImportKey, CryptExportKey, CryptDestroyKey, ConvertSidToStringSidA, AllocateAndInitializeSid, EqualSid, FreeSid, DuplicateTokenEx, ConvertStringSidToSidW, GetLengthSid, SetTokenInformation, CreateProcessAsUserA, RegQueryValueExW, QueryServiceStatus, RegOpenKeyExA, OpenProcessToken, GetTokenInformation, GetSidSubAuthority, RegOpenKeyExW, CloseServiceHandle, RegDeleteKeyW, RegCreateKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, OpenSCManagerW, OpenServiceW, GetNamedSecurityInfoW, GetEffectiveRightsFromAclW, SetEntriesInAclW, SetNamedSecurityInfoW
gdi32.dll
TextOutW, CreateHatchBrush, GetPixel, SetPixel, SetDCBrushColor, GetStockObject, GetObjectW, CreateSolidBrush, GetTextExtentPoint32W, PatBlt, CreateFontIndirectW, DeleteObject, GetDeviceCaps, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap, DeleteDC, SelectObject, CreateRectRgn, GetRandomRgn, GetRegionData, GetDIBits
iphlpapi.dll
GetAdaptersAddresses, GetAdaptersInfo
js32.dll
JS_GetStringBytes, JS_DefineFunctions, JS_SetProperty, JS_InitStandardClasses, JS_SetGlobalObject, JS_NewObject, JS_SetVersion, JS_SetOptions, JS_GetOptions, JS_NewContext, JS_SetGCParameter, JS_Init, JS_GetImplementationVersion, JS_CallFunctionName, JS_GetClass, JS_NextProperty, JS_TypeOfValue, JS_NewPropertyIterator, JS_SetContextPrivate, JS_GetStringLength, JS_GetContextPrivate, JS_ReportPendingException, JS_IsExceptionPending, JS_NewStringCopyN, JS_ValueToString, JS_GetElement, JS_GetArrayLength, JS_IsArrayObject, JS_GetProperty, JS_ConvertArguments, JS_LeaveLocalRootScope, JS_EnterLocalRootScope, JS_ShutDown, JS_Finish, JS_DestroyContext, JS_GC, JS_RemoveRoot, JS_GetGlobalObject, JS_CompileScriptForPrincipals, JS_DestroyScript, JS_ExecuteScript, JS_MaybeGC, JS_GetFunctionName, JS_ValueToFunction, JS_DefineFunction, JS_NewArrayObject, JS_CallFunctionValue, JS_AddRoot, JS_SetGCCallback, JS_SetDebugErrorHook, JS_SetErrorReporter
kernel32.dll
DllMain, IsWow64Process, GetFileAttributesA, InterlockedExchangeAdd, GetSystemTime, VirtualProtect, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, DeviceIoControl, ReadFile, GetSystemDirectoryA, GetWindowsDirectoryA, ResetEvent, MapViewOfFileEx, CreateFileMappingW, UnmapViewOfFile, HeapFree, GetProcessHeap, lstrlenA, lstrcmpW, MulDiv, GlobalUnlock, GlobalLock, GlobalAlloc, ExpandEnvironmentStringsW, GetSystemTimeAsFileTime, GetComputerNameExW, GetVolumeInformationA, FlushInstructionCache, lstrcpynW, QueryPerformanceFrequency, QueryPerformanceCounter, CompareFileTime, FindFirstFileA, FindNextFileA, ExpandEnvironmentStringsA, FindNextFileW, RemoveDirectoryW, CreateDirectoryW, CopyFileW, MoveFileW, CreateFileA, GetFileTime, LocalFree, WideCharToMultiByte, GetExitCodeProcess, GetVersionExA, GetVersionExW, SuspendThread, GetThreadContext, ResumeThread, OutputDebugStringA, InterlockedExchange, GetFileAttributesW, FormatMessageA, CreateEventW, LoadLibraryW, LoadLibraryA, SetLastError, SetEvent, SetProcessShutdownParameters, CreateEventA, GetTimeFormatA, GetDateFormatA, DeleteFileW, GetProcessTimes, GetTempPathW, GetTempFileNameW, SystemTimeToTzSpecificLocalTime, GetTimeFormatW, GetDateFormatW, FileTimeToSystemTime, DuplicateHandle, GetProcessId, GetModuleFileNameA, CreateProcessA, WaitForSingleObject, GetTickCount, GetCommandLineA, LoadLibraryExW, WriteFile, GlobalFree, VirtualQuery, LoadLibraryExA, WaitForMultipleObjects, SetWaitableTimer, CancelWaitableTimer, LocalAlloc, GetStartupInfoA, GetACP, GetLocaleInfoA, GetThreadLocale, HeapAlloc, IsProcessorFeaturePresent, VirtualFree, VirtualAlloc, CreateWaitableTimerW, FindFirstChangeNotificationW, FindNextChangeNotification, FindCloseChangeNotification, ReadProcessMemory, ProcessIdToSessionId, OpenEventA, GetSystemTimes, GetLocalTime, GetLastError, CloseHandle, GetCurrentProcess, Sleep, OpenProcess, SleepEx, GetCurrentThread, CreateThread, GetProcAddress, GetModuleHandleA, MultiByteToWideChar, QueryDosDeviceA, FindClose, FindFirstFileW, EnterCriticalSection, LeaveCriticalSection, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, InitializeCriticalSection, InterlockedCompareExchange, CreateFileW, GetSystemDirectoryW, RaiseException, GetModuleHandleW, GetCurrentProcessId, OpenMutexA, GetEnvironmentVariableW, TerminateProcess, SetUnhandledExceptionFilter, GetCurrentThreadId, DebugBreak, GetModuleFileNameW, CreateProcessW, lstrlenW, lstrcmpiW, FreeLibrary, SizeofResource, LoadResource, FindResourceW
msvcp80.dll
DllMain
msvcr80.dll
DllMain
ole32.dll
CLSIDFromProgID, CoTaskMemRealloc, CoSetProxyBlanket, OleRun, OleUninitialize, OleInitialize, CreateStreamOnHGlobal, CLSIDFromString, CoTaskMemAlloc, CoGetClassObject, OleLockRunning, StringFromGUID2, CoUninitialize, CoInitializeEx, CoTaskMemFree, CoCreateInstance
psapi.dll
EnumProcesses, GetModuleInformation, EnumProcessModules, GetModuleBaseNameA, GetProcessMemoryInfo, GetModuleFileNameExA
rapportutil.dll
DllMain
rpcrt4.dll
UuidCreate, UuidToStringW, RpcStringFreeW
shell32.dll
Shell_NotifyIconA, Shell_NotifyIconW, ShellExecuteA, SHGetFolderPathA, ShellExecuteExA, SHGetFolderPathW, SHFileOperationW
shlwapi.dll
AssocQueryStringA, PathAppendA, SHDeleteKeyW
trf.dll
counters_release, stacktrace_get_stack_trace, env_alloc_default, iterate_pid, get_remote_process_sym_addr, get_current_session_id, get_parent_pid_from_pid, counters_acquire, create_medium_integrity_process, win32_dep_opt_in, counters_get, env_shutdown, redirect_io_to_console, GetCurrentSessionId, env_get, is_process_suspended, get_application_directory, set_application_directory, env_is_inited, generate_dump_file, stacktrace_get_caller_module, stacktrace_get_stack_trace_unl, proctools_get_process_image_name, iterate_modules, proctools_get_file_version_info, bring_process_main_window_to_foreground
urlmon.dll
CoInternetGetSession
user32.dll
GetClassInfoExW, LoadCursorW, SetLayeredWindowAttributes, AttachThreadInput, GetSystemMetrics, GetCursorPos, SystemParametersInfoW, ScreenToClient, RegisterClassExW, GetSysColor, PeekMessageW, ClientToScreen, GetDC, InvalidateRgn, RedrawWindow, SetCapture, IsChild, GetDlgItem, ReleaseCapture, FillRect, EndPaint, BeginPaint, DestroyAcceleratorTable, GetWindow, IsWindow, EnableWindow, IsWindowEnabled, GetWindowTextW, GetWindowTextLengthW, RegisterWindowMessageW, RegisterClassW, SendMessageA, PostMessageA, CreateWindowExA, RegisterClassA, GetKeyboardLayoutList, PostQuitMessage, RegisterClassExA, GetWindowPlacement, IsWindowVisible, GetAncestor, RegisterWindowMessageA, CallNextHookEx, GetClientRect, PostThreadMessageW, GetAsyncKeyState, UnregisterClassA, SetFocus, SetTimer, KillTimer, CreateAcceleratorTableW, GetKeyState, ToAscii, GetWindowTextA, ShowWindow, SetForegroundWindow, GetSystemMenu, MessageBoxA, keybd_event, SendMessageW, ReleaseDC, GetDCEx, GetClassNameW, EnumChildWindows, GetClassNameA, GetDesktopWindow, GetForegroundWindow, wsprintfW, SetWindowLongW, GetWindowLongW, MessageBoxW, CallWindowProcW, DefWindowProcW, MessageBoxExW, AllowSetForegroundWindow, FindWindowW, CharNextW, LoadIconW, CreateWindowExW, InvalidateRect, EnumWindows, SetWindowsHookExW, DeleteMenu, GetParent, PostMessageW, GetFocus, FindWindowExA, GetWindowThreadProcessId, UnhookWindowsHookEx, DispatchMessageW, GetWindowRect, SetWindowPos, MoveWindow, IsZoomed, SetWindowTextW, DestroyWindow, GetMessageW, TranslateMessage, VkKeyScanW, BroadcastSystemMessageW, MonitorFromPoint, EnumDisplayMonitors
version.dll
GetFileVersionInfoW, VerQueryValueW, VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA, GetFileVersionInfoSizeW
wininet.dll
HttpOpenRequestA, HttpSendRequestA, InternetSetStatusCallbackA, InternetConnectA, InternetReadFileExA, HttpQueryInfoW, InternetSetOptionA, InternetSetOptionW, InternetCrackUrlA, InternetOpenA, InternetGetConnectedState, InternetCloseHandle, HttpQueryInfoA
wintrust.dll
CryptCATAdminReleaseCatalogContext, CryptCATAdminReleaseContext, CryptCATCatalogInfoFromContext, CryptCATAdminEnumCatalogFromHash, WinVerifyTrust, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminAcquireContext
wtsapi32.dll
WTSUnRegisterSessionNotification, WTSRegisterSessionNotification

rapportservice.exe

Rapport by Trusteer (Signed)

Remove rapportservice.exe
Version:   3.5.1201.94
MD5:   9aee3c126acc7ded1ff2126bfa28bdb8
SHA1:   1b481286cf851ba94d74c6e754393e15a1c37d5e
SHA256:   2ff223836395e2e1e1a66f15f1fa726cdceb7e1be18a13ba83c55cdc02e2fe2c

What is rapportservice.exe?

Trusteer Rapport is lightweight security software designed to protect confidential data, such as account credentials, from being stolen by malicious software (malware) and via phishing. To achieve this goal, the software first includes anti-phishing measures to protect against misdirection and attempts to prevent malicious screen scraping.

Overview

rapportservice.exe executes as a process with the local user's privileges. The file is digitally signed by Trusteer which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:rapportservice.exe
Publisher:Trusteer Ltd.
Product name:Rapport
Description:RapportService
Typical file path:C:\Program Files\trusteer\rapport\bin\rapportservice.exe
Original name:RapportService
File version:3.5.1201.94
Size:1.6 MB (1,673,048 bytes)
Certificate
Issued to:Trusteer
Authority (CA):VeriSign
Effective date:Friday, February 12, 2010
Expiration date:Thursday, May 1, 2014
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++ 8.0
.NET CLR:No
More details
Network connections
  • [UDP] listens on port 62143
  • [UDP] listens on port 56497
  • [UDP] listens on port 56273

  • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00022102%
    0.028634%
    Kernel CPU:0.00014248%
    0.013761%
    User CPU:0.00007854%
    0.014873%
    Kernel CPU time:1,329,077 ms/min
    100,923,805ms/min
    CPU cycles:10,647,513/sec
    17,470,203/sec
    Context switches:8/sec
    284/sec
    Memory
    Private memory:37.36 MB
    21.59 MB
    Private (maximum):33.69 MB
    Private (minimum):11.47 MB
    Non-paged memory:37.36 MB
    21.59 MB
    Virtual memory:179.45 MB
    140.96 MB
    Virtual memory (peak):207.18 MB
    169.69 MB
    Working set:24.89 MB
    18.61 MB
    Working set (peak):44.81 MB
    37.95 MB
    Page faults:38,812,293/min
    2,039/min
    I/O
    I/O read transfer:26.77 KB/sec
    1.02 MB/min
    I/O read operations:11/sec
    343/min
    I/O write transfer:5.72 KB/sec
    274.99 KB/min
    I/O write operations:11/sec
    227/min
    I/O other transfer:578 Bytes/sec
    448.09 KB/min
    I/O other operations:4,151/sec
    1,671/min
    Resource allocations
    Threads:20
    12
    Handles:507
    600
    GUI GDI count:11
    103
    GUI GDI peak:15
    142
    GUI USER count:24
    49
    GUI USER peak:34
    71

    BehaviorsProcess properties

    Tray notification:Yes
    Integrety level:High
    Platform:64-bit
    Command line:"C:\Program Files\trusteer\rapport\bin\rapportservice.exe" -servicelaunch=true
    Owner:User

    ResourcesThreads

    Averages
     
    rapportgp.dll (Rapport by Trusteer Ltd)
    Total CPU:0.30254697%
    0.272967%
    Kernel CPU:0.21998489%
    0.107585%
    User CPU:0.08256208%
    0.165382%
    CPU cycles:7,591,787/sec
    5,741,424/sec
    Memory:636 KB
    1.16 MB
    RapportService.exe (main module)
    Total CPU:0.07188453%
    Kernel CPU:0.06207215%
    User CPU:0.00981238%
    CPU cycles:2,034,838/sec
    Context switches:1/sec
    Memory:1.61 MB
    ntdll.dll
    Total CPU:0.00027228%
    Kernel CPU:0.00009076%
    User CPU:0.00018152%
    CPU cycles:6,791/sec
    Memory:1.16 MB
    rapportutil.dll (Rapport by Trusteer Ltd)
    Total CPU:0.00017060%
    Kernel CPU:0.00012044%
    User CPU:0.00005016%
    CPU cycles:3,934/sec
    Memory:2.61 MB
    wow64.dll
    Total CPU:0.00015534%
    Kernel CPU:0.00014122%
    User CPU:0.00001412%
    CPU cycles:33,517/sec
    Memory:252 KB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Home Premium 75.00%
    Windows 8 Pro 10.00%
    Windows 7 Professional 5.00%
    Windows 7 Ultimate 5.00%
    Windows Vista Home Premium 5.00%

    Distribution by countryDistribution by country

    United States installs about 40.00% of Rapport.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    Sony 40.00%
    Hewlett-Packard 30.00%
    Dell 20.00%
    GIGABYTE 10.00%
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE