» RDListener.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

RDListener.exe

RDListener

Xionix

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘RDListener’. This is installed with RegistryDefense.

File name:

RDListener.exe

Publisher:

Xionix (signed and verified)

Product:

RDListener

Version:

1.0.0.0

MD5:

f072dc4158b307a5157b6c6062fcca45

SHA-1:

97fb790e1addeec48ef4f2888332a98b4b0bd22e

SHA-256:

77ab5e9afcd3a5513b7ed9eaa5606388a376a664388998c35830259c9f5247fb

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/27/2024 4:41:01 AM UTC (today)

File size:

112.6 KB (115,312 bytes)

Product version:

1.0.0.0

Original file name:

RDListener.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Digital Signature

Signed by:

Xionix

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

11/16/2008 6:00:00 PM

Valid to:

11/13/2009 5:59:59 PM

Subject:

CN=Xionix, OU=SECURE APPLICATION DEVELOPMENT, O=Xionix, L=Provo, S=Utah, C=US

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

6537F88142A3518F779F1055FAC264AD

File PE Metadata

Compilation timestamp:

2/6/2009 5:52:51 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1536:AjAA8ynQy+5S90wvMmRD0jUpcR0WGIFdnmdc3kr/zs/L:AMAFnQd2L9DpcRaIFdnmdcULzQ

Entry address:

0x3BEE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.4969

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

8 KB (8,192 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

RDListener

Command:

C:\applications\registry defense\rdlistener.exe

The file RDListener.exe has been discovered within the following program.

RegistryDefense by Xionix Inc.

www.regdefense.com

About 7% of users remove it

Scan RDListener.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.