rutserv.exe

Remote Utilities

Usoris Systems LLC

The application rutserv.exe by Usoris Systems has been detected as a potentially unwanted program by 9 anti-malware scanners. It runs in its own process as a Windows service named “Usoris - Host”. While running, it connects to the Internet address CL-T136-074CN on port 5655.
Publisher:
Usoris Systems LLC  (signed and verified)

Product:
Remote Utilities

Version:
6.3.0.6

MD5:
05e7685891afc648d0df76bd321ad5a1

SHA-1:
608f85d2ec038189f453753a50140bad959e0f8b

SHA-256:
22ef9f9d446fad20ef4c5c94cfe46f856f0eebc607fcf230df8436276cebeb1e

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
5/2/2025 7:04:12 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | BDS/Backdoor.Gen2 | 8.3.3.4 |
| ESET NOD32 | Win32/RemoteAdmin.RemoteUtilities.D potentially unsafe (variant) | 10.13451 |
| Fortinet FortiGate | Riskware/RMS | 6/25/2016 |
| K7 AntiVirus | Unwanted-Program | 13.224.19537 |
| Kaspersky | not-a-virus:RemoteAdmin.Win32.RMS | 14.0.0.3 |
| Panda Antivirus | Generic Suspicious | 16.06.25.11 |
| Qihoo 360 Security | HEUR/QVM05.1.0000.Malware.Gen | 1.0.0.1120 |
| Rising Antivirus | Malware.RDM.42!5.30 | 23.00.65.16623 |
| VIPRE Antivirus | Trojan.Win32.Generic | 49198 |

File size:
6 MB (6,300,584 bytes)

Product version:
6.3.0.6

Copyright:
Copyright © 2015 Usoris Systems LLC All rights reserved.

Trademarks:
Usoris Systems LLC, Remote Utilities

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\syswow64\vipcatalog\rutserv.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
7/1/2015 3:00:00 AM

Valid to:
7/5/2016 3:00:00 PM

Subject:
CN=Usoris Systems LLC, O=Usoris Systems LLC, L=Victoria, S=Mahe, C=SC

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
045C13C254346C04EF3304E6ACD100C5

File PE Metadata
Compilation timestamp:
7/2/2015 12:01:36 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:Y+nzXpubLPa4D8S0Qhqc43geRZsUHqDUNBFUc/5fwxDalXbtcHQz1SjhjByMTgTp:Y+bkiFIqw96EcEalLtcHQzE+5U8

Entry address:
0x502790

Entry point:
55, 8B, EC, 83, C4, F0, B8, BC, 92, 8E, 00, E8, 0C, D7, B0, FF, E8, B3, 50, FE, FF, E8, 56, 7A, B0, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
5 MB (5,248,512 bytes)

Service
Display name:
Usoris - Host

Service name:
RManService

Description:
Allows Remote Utilities users to connect to this machine.

Type:
Win32OwnProcess


The running file has been observed making the following network connections in live environments.

TCP:
Connects to CL-T136-074CN  (70.38.38.43:5655)
