Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

3.5.1307.82 2.17%
3.5.1307.76 2.17%
3.5.1304.29 6.52%
3.5.1302.61 6.52%
3.5.1208.41 2.17%
3.5.1208.36 10.87%
3.5.1208.34 4.35%
3.5.1208.24 10.87%
3.5.1207.40 6.52%
3.5.1205.18 2.17%
3.5.1205.17 6.52%
3.5.1205.15 10.87%
3.5.1205.12 2.17%
3.5.1201.94 15.22%
3.5.1108.73 6.52%
3.5.1108.70 2.17%
3.5.1108.50 2.17%

Relationships

Parent process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
CryptGenRandom, OpenProcessToken, DuplicateTokenEx, GetLengthSid, SetTokenInformation, CreateProcessAsUserA, ConvertStringSidToSidW, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, SetServiceStatus, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, GetTokenInformation, RegDeleteKeyW, RegQueryInfoKeyW, RegEnumKeyExW, RegSetValueExW, RegSetValueExA, RegOpenKeyA, CryptEncrypt, CryptAcquireContextW, CryptGenKey, CryptReleaseContext, CryptImportKey, CryptExportKey, CryptDestroyKey, RegOpenKeyExA, RegQueryValueExA, OpenSCManagerW, OpenServiceW, CloseServiceHandle, ConvertSidToStringSidA, AllocateAndInitializeSid, EqualSid, FreeSid, SetNamedSecurityInfoW, SetEntriesInAclW, GetEffectiveRightsFromAclW, GetNamedSecurityInfoW
kernel32.dll
GetProcessHeap, HeapFree, IsDebuggerPresent, UnhandledExceptionFilter, lstrcatW, lstrcpyW, lstrlenW, GetFullPathNameW, FindCloseChangeNotification, FindNextChangeNotification, FindFirstChangeNotificationW, FileTimeToLocalFileTime, OpenEventA, GetStartupInfoA, EnterCriticalSection, LeaveCriticalSection, GetLastError, InterlockedIncrement, InterlockedDecrement, Sleep, DeleteCriticalSection, InitializeCriticalSection, WaitForSingleObject, GetTickCount, CreateThread, CloseHandle, ProcessIdToSessionId, TerminateProcess, OpenProcess, GetModuleFileNameA, GetProcessTimes, GetExitCodeProcess, GetCurrentProcessId, GetModuleHandleW, GetCurrentThreadId, InterlockedCompareExchange, SetUnhandledExceptionFilter, QueryPerformanceCounter, GetCurrentProcess, GetProcAddress, GetModuleHandleA, QueryPerformanceFrequency, SetLastError, GetFileAttributesW, InterlockedExchange, OutputDebugStringA, LoadLibraryA, GetCurrentThread, ResumeThread, GetThreadContext, SuspendThread, SleepEx, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, Module32NextW, Module32FirstW, FreeLibrary, CreateFileA, TlsGetValue, TlsAlloc, GetModuleFileNameW, VirtualQuery, RtlCaptureContext, GetSystemInfo, LocalFree, QueryDosDeviceA, MultiByteToWideChar, GetVersionExW, CreateFileW, WideCharToMultiByte, DeleteFileW, MoveFileW, CopyFileW, CreateDirectoryW, FindClose, RemoveDirectoryW, FindNextFileW, FindFirstFileW, FindNextFileA, FindFirstFileA, CompareFileTime, FlushInstructionCache, VirtualProtect, InterlockedExchangeAdd, GetSystemTime, SetEvent, WaitForMultipleObjects, ResetEvent, SetWaitableTimer, CancelWaitableTimer, CreateEventW, CreateWaitableTimerW, DeviceIoControl, ReadFile, GetSystemDirectoryA, GetWindowsDirectoryA, GetSystemTimeAsFileTime, lstrlenA, GetVolumeInformationA, FileTimeToSystemTime, CreateProcessW, GlobalFree, GlobalAlloc, LoadLibraryExA, GetFileAttributesA, IsWow64Process, GetFileTime
msvcp80.dll
DllMain
msvcr80.dll
DllMain
ole32.dll
CoSetProxyBlanket, CoUninitialize, CoInitializeEx, CoCreateInstance, OleRun
psapi.dll
GetModuleInformation, GetModuleFileNameExA, EnumProcesses
rapportutil.dll
DllMain
shell32.dll
SHGetFolderPathW, SHGetFolderPathA
shlwapi.dll
PathAppendA, SHDeleteKeyW, AssocQueryStringA
trf.dll
iterate_pid_with_logs, env_alloc_default, stacktrace_get_stack_trace, counters_release, counters_acquire, env_is_inited, iterate_pid, env_get, get_application_directory, counters_get, GetCurrentSessionId, stacktrace_get_caller_module, stacktrace_get_stack_trace_unl, proctools_get_process_image_name, iterate_modules, set_application_directory
user32.dll
wsprintfW, MessageBoxA
userenv.dll
CreateEnvironmentBlock, DestroyEnvironmentBlock
version.dll
GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
wininet.dll
InternetSetOptionA, HttpQueryInfoW, InternetGetConnectedState, InternetOpenA, InternetCrackUrlA, InternetCloseHandle, InternetReadFileExA, InternetSetStatusCallbackA, InternetSetOptionW, InternetConnectA, HttpOpenRequestA, HttpQueryInfoA, HttpSendRequestA
wtsapi32.dll
WTSFreeMemory, WTSQuerySessionInformationW, WTSEnumerateSessionsW, WTSQueryUserToken

rapportmgmtservice.exe

Rapport by Trusteer (Signed)

Remove rapportmgmtservice.exe
Version:   3.5.1201.94
MD5:   61b37c0b3fd7da7414c20d917469bfff
SHA1:   880e2a03a5bcc022b0d202ee08d4e22534a23b91
SHA256:   545e4449781cde31e0d79ed67ce3efb93136bdf74bd941d8094068c7d468ce2e

What is rapportmgmtservice.exe?

Trusteer Rapport is lightweight security software designed to protect confidential data, such as account credentials, from being stolen by malicious software (malware) and via phishing. To achieve this goal, the software first includes anti-phishing measures to protect against misdirection and attempts to prevent malicious screen scraping.

Overview

rapportmgmtservice.exe runs as a service under the name Rapport Management Service (RapportMgmtService) with extensive SYSTEM privileges (full administrator access). The file is digitally signed by Trusteer which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:rapportmgmtservice.exe
Publisher:Trusteer Ltd.
Product name:Rapport
Description:RapportMgmtService
Typical file path:C:\Program Files\trusteer\rapport\bin\rapportmgmtservice.exe
Original name:RapportMgmtService
File version:3.5.1201.94
Size:953.84 KB (976,728 bytes)
Certificate
Issued to:Trusteer
Authority (CA):VeriSign
Effective date:Friday, February 12, 2010
Expiration date:Thursday, May 1, 2014
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++ 8.0
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'RapportMgmtService' (Rapport Management Service)
  • RapportMgmtService
Network connections
  • [UDP] listens on port 53214
  • [UDP] listens on port 61567
  • [UDP] listens on port 49677
  • [UDP] listens on port 1034

    • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00363659%
    0.028634%
    Kernel CPU:0.00124378%
    0.013761%
    User CPU:0.00239281%
    0.014873%
    Kernel CPU time:1,042,641 ms/min
    100,923,805ms/min
    CPU cycles:12,591,047/sec
    17,470,203/sec
    Context switches:8/sec
    284/sec
    Memory
    Private memory:62.66 MB
    21.59 MB
    Private (maximum):40.87 MB
    Private (minimum):11.9 MB
    Non-paged memory:62.66 MB
    21.59 MB
    Virtual memory:188.95 MB
    140.96 MB
    Virtual memory (peak):230.06 MB
    169.69 MB
    Working set:20.6 MB
    18.61 MB
    Working set (peak):132.71 MB
    37.95 MB
    Page faults:26,555,712/min
    2,039/min
    I/O
    I/O read transfer:33.16 KB/sec
    1.02 MB/min
    I/O read operations:8/sec
    343/min
    I/O write transfer:37.51 KB/sec
    274.99 KB/min
    I/O write operations:20/sec
    227/min
    I/O other transfer:122.4 KB/sec
    448.09 KB/min
    I/O other operations:5,136/sec
    1,671/min
    Resource allocations
    Threads:17
    12
    Handles:424
    600
    GUI GDI count:4
    103

    BehaviorsProcess properties

    Integrety level:System
    Platform:64-bit
    Command line:"C:\Program Files\trusteer\rapport\bin\rapportmgmtservice.exe"
    Owner:SYSTEM
    Windows Service
    Service name:RapportMgmtService
    Display name:Rapport Management Service
    Description:“Central Rapport Management and Monitoring Service”
    Type:Win32OwnProcess
    Parent process:services.exe (Services and Controller app by Microsoft)

    ResourcesThreads

    Averages
     
    rapportgp.dll (Rapport by Trusteer Ltd)
    Total CPU:0.14412524%
    0.272967%
    Kernel CPU:0.09601039%
    0.107585%
    User CPU:0.04811485%
    0.165382%
    CPU cycles:2,585,569/sec
    5,741,424/sec
    Context switches:1/sec
    79/sec
    Memory:636 KB
    1.16 MB
    RapportMgmtService.exe (main module)
    Total CPU:0.08099922%
    Kernel CPU:0.06896386%
    User CPU:0.01203536%
    CPU cycles:2,197,596/sec
    Context switches:2/sec
    Memory:964 KB
    rapportcerberus.dll (Rapport by Trusteer Ltd)
    Total CPU:0.01940079%
    Kernel CPU:0.00488006%
    User CPU:0.01452073%
    CPU cycles:381,484/sec
    Memory:692 KB
    rapportutil.dll (Rapport by Trusteer Ltd)
    Total CPU:0.00069791%
    Kernel CPU:0.00039777%
    User CPU:0.00030015%
    CPU cycles:32,172/sec
    Memory:2.61 MB
    ntdll.dll
    Total CPU:0.00032313%
    Kernel CPU:0.00024149%
    User CPU:0.00008164%
    CPU cycles:12,571/sec
    Memory:1.66 MB
    wow64.dll
    Total CPU:0.00007976%
    Kernel CPU:0.00005697%
    User CPU:0.00002279%
    CPU cycles:39,955/sec
    Memory:252 KB
    WININET.dll
    Total CPU:0.00003004%
    Kernel CPU:0.00000000%
    User CPU:0.00003004%
    CPU cycles:17,735/sec
    Memory:1.11 MB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Home Premium 54.35%
    Microsoft Windows XP 13.04%
    Windows 7 Professional 8.70%
    Windows Vista Home Premium 8.70%
    Windows 8 Pro 8.70%
    Windows 7 Ultimate 6.52%

    Distribution by countryDistribution by country

    United States installs about 42.22% of Rapport.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    Sony 31.25%
    Dell 25.00%
    Hewlett-Packard 12.50%
    Intel 12.50%
    GIGABYTE 6.25%
    ASUS 6.25%
    Toshiba 6.25%
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE