vosrv.exe

The application vosrv.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. It runs as a Windows service named “VO Service component”, in its own separate process.
MD5:
2d6b8119769c28ea7a1caf959baa52cc

SHA-1:
87ce48ce684d70fb51aec33d4d5a62a8800ddf20

SHA-256:
d5837c3a6935320162100c47d403fb4c27870ccae034bd03145604dd34746cb6

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 5:49:00 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Rootkit-gen [Rtk] | 2014.9-140919 |
| Baidu Antivirus | PUA.Win32.VOPackage | 4.0.3.14919 |
| ESET NOD32 | Win32/VOPackage.W potentially unwanted application | 7.0.302.0 |
| IKARUS anti.virus | PUA.Vopackage | t3scan.1.7.8.0 |
| K7 AntiVirus | Trojan | 13.183.13417 |
| McAfee | Artemis!19748057D6BB | 5600.7002 |
| NANO AntiVirus | Riskware.Win32.Downware.desjpz | 0.28.2.62151 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.19.21 |
| Sophos | Generic PUA DL | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0906 | 7.2.262 |

File size:
70 KB (71,680 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\vopackage\vosrv.exe

File PE Metadata
Compilation timestamp:
9/19/2014 8:22:36 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:BfXtUPeeUeOa9JqBAa5lBIHlTkyk8qyv9cTtunlwC:BfdUP9fOacAa5EkhjtunlwC

Entry address:
0x3238

Entry point:
E8, D2, 24, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 9D, 0F, 00, 00, 8B, FF, 51, C7, 01, B8, C6, 40, 00, E8, 4F, 25, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, CC, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 8D, 25, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, AB, 28, 00, 00, 83, C4, 0C, 5D, C3, 8B, FF, 55, 8B...
 

Entropy:
6.0797

Code size:
43.5 KB (44,544 bytes)

Service
Display name:
VO Service component

Service name:
servervo

Description:
Ongoing updates responsible service.

Type:
Win32OwnProcess

