RSW_Svc64.exe

Rid Spyware

Crawler, LLC

The application RSW_Svc64.exe, “Rid Spyware Realtime Shield Service” by Crawler, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “Rid Spyware Realtime Shield Service”, in its own separate process.
Remove RSW_Svc64.exe - Powered by Reason Core Security
Publisher:
Crawler.com  (signed by Crawler, LLC)

Product:
Rid Spyware

Description:
Rid Spyware Realtime Shield Service

Version:
1.1.0.5

MD5:
755b7b7a2be2623b4cc73c97d4750ee6

SHA-1:
87e616ec5644e0e4d2f74c3b5eb39e91cc4b329a

SHA-256:
19ebfe8f99a999209186ed20ae55d924c473c5f0f495e78aa6942f3442356a0d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/8/2016 8:57:42 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Service.Crawler.J

Engine version:
14.8.8.2

File size:
2.8 MB (2,982,272 bytes)

Product version:
1.1.0.0

Copyright:
© Crawler.com

Original file name:
RSW_Svc64.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\rid spyware\rsw_svc64.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/26/2013 4:00:00 PM

Valid to:
1/25/2017 3:59:59 PM

Subject:
CN="Crawler, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Crawler, LLC", L=Boca Raton, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
48E3A7F6CBA47D0C3FCD17CF81AB3F76

File PE Metadata
Compilation timestamp:
12/5/2013 5:41:13 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
24576:Ue3jJrZw6NfgczKjnmFfc0NdBYMfL8dWmmoux/WAI8n7z8LMewp:r3jJ2q4czKjnmFf5NxfWWmdH8ne+

Entry address:
0x25BD60


Entropy:
5.9347

Code size:
2.4 MB (2,469,376 bytes)

Service
Display name:
Rid Spyware Realtime Shield Service

Service name:
RSW_Svc

Type:
Win32OwnProcess

