» vosrv.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

vosrv.exe

The application vosrv.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “VO Service component”. This file is typically installed with the program Remote Desktop Access (VuuPC) by CMI Limited which is a potentially unwanted software program.

File name:

vosrv.exe

MD5:

d7e7edbb88b4f925dc1d8176bd423ae4

SHA-1:

28329319f37672f11a05af414a81a37146a63d64

SHA-256:

023c74f2dd6485c9902bbf9a28d0f15411851e44d80457b4f54515733e1362fd

Scanner detections:

10 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 2:03:46 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Rootkit-gen [Rtk]

2014.9-140920

Baidu Antivirus

PUA.Win32.VOPackage

4.0.3.14920

ESET NOD32

Win32/VOPackage (variant)

8.10437

IKARUS anti.virus

PUA.Vopackage

t3scan.1.7.8.0

K7 AntiVirus

Trojan

13.183.13417

McAfee

Artemis!19748057D6BB

5600.7001

NANO AntiVirus

Riskware.Win32.Downware.desjpz

0.28.2.62151

Reason Heuristics

Threat.Win.Reputation.IMP

14.9.20.20

Sophos

Generic PUA DL

4.98

Trend Micro House Call

Suspicious_GEN.F47V0906

7.2.263

File size:

70 KB (71,680 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\vopackage\vosrv.exe

File PE Metadata

Compilation timestamp:

9/20/2014 6:08:54 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

1536:AwKi//WxUeOa9JqBAL5lBIHlTkTk8qyv9cCNCCsI:AwH//6fOacAL5EkEyNCCsI

Entry address:

0x3280

Entry point:

E8, CA, 24, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 95, 0F, 00, 00, 8B, FF, 51, C7, 01, BC, C6, 40, 00, E8, 47, 25, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, CC, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 85, 25, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, A3, 28, 00, 00, 83, C4, 0C, 5D, C3, 8B, FF, 55, 8B... 
[+]

Entropy:

6.0858

Code size:

43.5 KB (44,544 bytes)

Service

Display name:

VO Service component

Service name:

servervo

Description:

Ongoing updates responsible service.

Type:

Win32OwnProcess

The file vosrv.exe has been discovered within the following program.

Remote Desktop Access (VuuPC) by CMI Limited

Developed and distributed through bundled installer from Click Me In. The software may be bundled by 3rd-party products using the InstallCore distribution platform.

vuupc.com/terms.html

About 82% of users remove it

Remove vosrv.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.