» rfusclient.exe
Overview
Analysis
File Details

rfusclient.exe

svhost

Usoris Systems

The application rfusclient.exe, “Хост-процесс для служб Windows” by Usoris Systems has been detected as a potentially unwanted program by 24 anti-malware scanners.

File name:

rfusclient.exe

Publisher:

Windows (signed by Usoris Systems)

Product:

svhost

Description:

Хост-процесс для служб Windows

Version:

6.3.7600.16385

MD5:

c4f9beaf6ab6ba2076033d1dbe204bea

SHA-1:

d46686816607dbae798f5310afc9c38d04c67147

SHA-256:

08e37d534dded02d6178855e8c5325c49e6b94e22215a0b885d389dc35fd98b2

Scanner detections:

24 / 68

Status:

Potentially unwanted

Analysis date:

7/13/2025 2:29:21 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Trojan.Heur.RX.@V1@XqyJr2ok

217

Agnitum Outpost

Riskware.RemoteAdmin

7.1.1

Avira AntiVirus

SPR/Tool.Monitor.Gen

8.3.2.2

Arcabit

Trojan.Heur.RX.E2A9C4

1.0.0.576

AVG

RemoteAdmin

2017.0.2695

Bitdefender

Gen:Trojan.Heur.RX.@V1@XqyJr2ok

1.0.20.915

Bkav FE

W32.HfsAdware

1.3.0.7237

Dr.Web

Program.RemoteAdmin.776

9.0.1.0183

Emsisoft Anti-Malware

Gen:Trojan.Heur.RX.@V1@XqyJr2ok

8.16.07.01.03

ESET NOD32

Win32/RemoteAdmin.RemoteUtilities.H potentially unsafe (variant)

10.12365

Fortinet FortiGate

Riskware/RemoteAdmin_RemoteUtilities

7/1/2016

F-Secure

Gen:Trojan.Heur.RX.@V1@XqyJr2ok

11.2016-01-07_6

G Data

Gen:Trojan.Heur.RX.@V1@XqyJr2ok

16.7.25

IKARUS anti.virus

Trojan.SuspectCRC

t3scan.1.9.5.0

K7 AntiVirus

Unwanted-Program

13.210.17440

Kaspersky

not-a-virus:RemoteAdmin.Win32.RMS

14.0.0.-28

McAfee

Artemis!C4F9BEAF6AB6

5600.6351

MicroWorld eScan

Gen:Trojan.Heur.RX.@V1@XqyJr2ok

17.0.0.549

NANO AntiVirus

Riskware.Win32.RemoteAdmin.dtknvb

0.30.26.3947

Panda Antivirus

Generic Suspicious

16.07.01.03

Qihoo 360 Security

HEUR/QVM05.1.Malware.Gen

1.0.0.1015

Sophos

Generic PUA NE (PUA)

4.98

VIPRE Antivirus

Trojan.Win32.Generic

44332

ViRobot

Trojan.Win32.A.Agent.5517240[h]

2014.3.20.0

File size:

5.3 MB (5,517,240 bytes)

Product version:

6.3.7600.16385

Trademarks:

Windows

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\microsoft\winupd\rfusclient.exe

Digital Signature

Signed by:

Usoris Systems

Authority:

Symantec Corporation

Valid from:

2/2/2015 2:00:00 AM

Valid to:

5/4/2017 2:59:59 AM

Subject:

CN=Usoris Systems, O=Usoris Systems, L=Victoria, S=Mahe, C=SC

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

2810859351B08906D00293C09A255A

File PE Metadata

Compilation timestamp:

5/12/2015 8:46:03 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:w0jJpL9QR6wSP+TsK8FjjcHWf0G+Wh1U2YrJIAZv9sTdTKJTfCCG9du987F:w8DljPU2YrmAZv91mdF

Entry address:

0x4432C4

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, 98, B6, 82, 00, E8, CF, C5, BC, FF, 8B, 1D, 78, 91, 85, 00, A1, 24, 8A, 85, 00, 83, 38, 06, 7C, 05, E8, 1A, 3F, BD, FF, E8, 59, 83, FE, FF, 8B, 03, B2, 01, E8, B0, 82, DF, FF, 8B, 03, E8, 61, 65, DF, FF, 8B, 03, BA, 40, 33, 84, 00, E8, 85, 5F, DF, FF, 8B, 03, C6, 40, 6F, 00, 8B, 0D, 50, 8D, 85, 00, 8B, 03, 8B, 15, 98, 15, 82, 00, E8, 54, 65, DF, FF, 8B, 03, E8, A9, 66, DF, FF, 5B, E8, BB, 6B, BC, FF, 00, 00, 00, B0, 04, 02, 00, FF, FF, FF, FF, 27, 00, 00, 00, 52, 00, 65, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

4.3 MB (4,464,640 bytes)

Remove rfusclient.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.