» rdssservice.exe
Overview
Analysis
File Details
Behaviors (1)

rdssservice.exe

RDScreenshot

MIS Utilities

It runs as a separate (within the context of its own process) windows Service named “Remote Desktop Screenshot”.

File name:

rdssservice.exe

Publisher:

MIS Utilities (signed and verified)

Product:

RDScreenshot

Version:

2.0.0.0

MD5:

d221e4f0cb9bd6e5b256048ee5aa4c09

SHA-1:

073e96abd3b88cd53b80eaeab070f7f68009990d

SHA-256:

fa9b2d91b6208b177f22e9dcac6c6367df1b00826033959be2d53568e5e49fda

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/28/2024 11:02:01 PM UTC (a few moments ago)

File size:

786.4 KB (805,312 bytes)

Product version:

2.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\windows\syswow64\rdssservice.exe

Digital Signature

Signed by:

MIS Utilities

Authority:

COMODO CA Limited

Valid from:

8/20/2012 5:30:00 AM

Valid to:

8/21/2013 5:29:59 AM

Subject:

CN=MIS Utilities, O=MIS Utilities, STREET=Kharkivske shose 51-104, L=Kyiv, S=Ukraine, PostalCode=02096, C=UA

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

5CB41207023892AE294AC3E6E34B4A86

File PE Metadata

Compilation timestamp:

11/15/2010 2:39:34 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:hwFRLle8esFOPJMFEpUt5YP9yyWmQ/jtkbk0a2i7vnKTlW3icNF:Yg8esFOPSFEpUt5XyWmQ/uoFfKTlgiw

Entry address:

0xA39F4

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, 4C, 26, 4A, 00, E8, FF, 38, F6, FF, A1, BC, 9F, 4A, 00, 8B, 00, 8B, 10, FF, 52, 34, 8B, 0D, D8, A0, 4A, 00, A1, BC, 9F, 4A, 00, 8B, 00, 8B, 15, C0, 00, 4A, 00, 8B, 18, FF, 53, 30, A1, BC, 9F, 4A, 00, 8B, 00, 8B, 10, FF, 52, 38, 5B, E8, AD, 14, F6, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.6331

Developed / compiled with:

Microsoft Visual C++

Code size:

649.5 KB (665,088 bytes)

Service

Display name:

Remote Desktop Screenshot

Service name:

RemoteDesktopScreenshot

Description:

Enables network administrators to view screenshots from remote computer. If this service is stopped, administrators will not be able to get the screenshot from this cmputer. If this service is disable

Type:

Win32OwnProcess

Scan rdssservice.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.