rvtuhy.exe

News Alert

Useful Technology

The application rvtuhy.exe, “BreakingNewsAlert Service” by Useful Technology, has been detected as adware by 14 anti-malware scanners. It runs as a separate Windows service named “RvTUhy”, within the context of its own process. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Useful Technology (signed and verified)

Product:
News Alert

Description:
BreakingNewsAlert Service

Version:
1.0.0.0

MD5:
dba5cc600a6b18006bbd272b85c2c922

SHA-1:
14dc3c0342f10f8078549b1fe3482089f4673fc2

SHA-256:
9ada3bbbf62df2720888148b3bf9fcf39788b2cd0063be785a69b83575d89f47

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
5/4/2024 10:44:38 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.PullUpdate | 2015.08.15 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 8.3.1.6 |
| AVG | Downloader | 2016.0.2995 |
| Baidu Antivirus | Adware.Win32.PullUpdate | 4.0.3.1595 |
| Bkav FE | W32.HfsAdware | 1.3.0.7062 |
| Dr.Web | Adware.Yontoo.68 | 9.0.1.0248 |
| ESET NOD32 | MSIL/Adware.PullUpdate.G.gen (variant) | 9.12097 |
| F-Prot | W32/PullUpdate.B.gen | v6.4.7.1.166 |
| K7 AntiVirus | Adware | 13.2016899 |
| Malwarebytes | PUP.Optional.BreakingNewsAlert.A | v2015.09.05.03 |
| Panda Antivirus | PUP/NewsAlert | 15.09.05.03 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.UsefulTechnology (M) | 15.9.5.15 |
| VIPRE Antivirus | PullUpdate | 42890 |

File size:
2.6 MB (2,732,000 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Useful Technology 2015

Original file name:
BreakingNewsAlertService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\spxxmtjrl\rvtuhy.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/17/2015 10:00:00 PM

Valid to:
2/18/2016 9:59:59 PM

Subject:
CN=Useful Technology, O=Useful Technology, L=St. Michael, S=St. Michael, C=BB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
70428C7452B26287E6E3026766B88029

File PE Metadata
Compilation timestamp:
8/12/2015 10:48:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:D+XHoCdXdAchLgRMZhwxi9dqa9GCXNScQivIJL6AKzkTOde:DalNAcxgWeivqGGCUcQig9KzkTOde

Entry address:
0x29AA2E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.6 MB (2,722,816 bytes)

Service
Display name:
RvTUhy

Type:
Win32OwnProcess

Depends on:
Winmgmt, CryptSvc

