» st_rsser64.exe
Overview
Analysis
File Details
Behaviors (1)

st_rsser64.exe

Spyware Terminator 2012

Crawler Group, LLC

The application st_rsser64.exe, “Spyware Terminator 2012 Realtime Shield Service” by Crawler Group has been detected as adware by 4 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Spyware Terminator 2012 Realtime Shield Service”.

File name:

st_rsser64.exe

Publisher:

Crawler.com (signed by Crawler Group, LLC)

Product:

Spyware Terminator 2012

Description:

Spyware Terminator 2012 Realtime Shield Service

Version:

3.0.0.34

MD5:

7cb4dc432b19f100aecd7151d03ab81b

SHA-1:

07a31cb58e1fc0042393015f63ce613d945a0150

SHA-256:

ef0ec64304a19e78150e96b2caddeb725c7a8da25a02f28816897de6300b24ce

Scanner detections:

4 / 68

Status:

Adware

Analysis date:

5/10/2024 4:46:33 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2016.0.3096

Bkav FE

W64.HfsAdware

1.3.0.6379

Dr.Web

Program.Unwanted.331

9.0.1.0147

Reason Heuristics

PUP.Crawler.CrawlerGroup

15.5.27.8

File size:

1.1 MB (1,146,272 bytes)

Product version:

3.0.0.0

Original file name:

st_rsser.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\spyware terminator\st_rsser64.exe

Digital Signature

Signed by:

Crawler Group, LLC

Authority:

VeriSign, Inc.

Valid from:

8/20/2014 8:00:00 PM

Valid to:

8/20/2017 7:59:59 PM

Subject:

CN="Crawler Group, LLC", O="Crawler Group, LLC", L=Wilmington, S=Delaware, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

68EC8C9CE5E2EA57582931BA9277481B

File PE Metadata

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

2.24

CTPH (ssdeep):

12288:573UngbDSa9+EsAXfuQMjSwRG0mvoliA2Mk7028Gj54k+Yolw:573UngbDSusODwCi2Mkl8Gl4k+Yd

Entry address:

0x142D0

Entry point:

48, 81, EC, 88, 00, 00, 00, C6, 04, 25, 08, 60, 4F, 00, 00, E8, 2C, FF, FF, FF, 48, 81, C4, 88, 00, 00, 00, C3, 00, 00, 00, 00, 55, 48, 89, E5, 48, 81, EC, B0, 00, 00, 00, 48, 89, 5D, A0, 48, 89, 75, A8, 48, 89, 4D, F8, C6, 45, F0, 00, 48, BE, 00, 00, 00, 00, 00, 00, 00, 00, 48, 8D, 5D, E0, E8, 62, D0, FE, FF, 89, C1, 48, 8B, 55, F8, 41, B9, 10, 00, 00, 00, 48, 89, 74, 24, 20, 49, 89, D8, E8, 59, D0, FE, FF, 85, C0, 0F, 84, DF, 00, 00, 00, C7, 45, B8, 00, 00, 00, 00, C6, 45, D8, 01, E9, BD, 00, 00, 00, 90... 
[+]

Entropy:

5.8703

Code size:

825.8 KB (845,584 bytes)

Service

Display name:

Spyware Terminator 2012 Realtime Shield Service

Service name:

ST2012_Svc

Type:

Win32OwnProcess

Remove st_rsser64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.