» rutserv.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (2)

rutserv.exe

Remote Utilities

Usoris Systems LLC

The application rutserv.exe, “Remote Utilities - Host” by Usoris Systems has been detected as a potentially unwanted program by 5 anti-malware scanners. This file is typically installed with the program Remote Utilities - Host by Usoris Systems LLC. While running, it connects to the Internet address CL-T136-074CN on port 5655.

File name:

rutserv.exe

Publisher:

Usoris Systems LLC (signed and verified)

Product:

Remote Utilities

Description:

Remote Utilities - Host

Version:

6.5.0.8

MD5:

17cde1da8735b709075feeecd6fd686d

SHA-1:

0b221a745ca48016ebf2e1735d256ec67295a326

SHA-256:

46ab20d59cb05726c59208ad32a02629e9c994099e7762d265465762a5948248

Scanner detections:

5 / 68

Status:

Potentially unwanted

Analysis date:

7/12/2025 2:30:48 PM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.HfsAdware

1.3.0.8455

ESET NOD32

Win32/RemoteAdmin.RemoteUtilities.D potentially unsafe (variant)

10.14595

Fortinet FortiGate

Riskware/Agent

12/13/2016

G Data

Win32.Application.Agent.4UK2I0

16.12.25

Kaspersky

not-a-virus:HEUR:RemoteAdmin.Win32.Agent

14.0.0.-851

File size:

8.2 MB (8,558,096 bytes)

Product version:

6.5.0.8

Trademarks:

Remote Utilities, Usoris Systems

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\rut-agent\65008\7eb963e4ab\rutserv.exe

Digital Signature

Signed by:

Usoris Systems LLC

Authority:

DigiCert Inc

Valid from:

3/18/2016 8:00:00 AM

Valid to:

3/22/2018 8:00:00 PM

Subject:

CN=Usoris Systems LLC, O=Usoris Systems LLC, L=Victoria, S=Mahe, C=SC, PostalCode=0091, STREET=103 Sham Peng Tong Plaza, SERIALNUMBER=094258, OID.1.3.6.1.4.1.311.60.2.1.3=SC, OID.2.5.4.15=Private Organization

Issuer:

CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

060D6D4F59F257499A3C0F672517F576

File PE Metadata

Compilation timestamp:

12/12/2016 8:40:07 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x664558

Entry point:

55, 8B, EC, 83, C4, F0, B8, BC, 68, A4, 00, E8, AC, D7, 9A, FF, E8, 77, 3C, FD, FF, E8, 02, 61, 9A, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.7196

Developed / compiled with:

Microsoft Visual C++

Code size:

6.4 MB (6,695,936 bytes)

Windows Firewall Allowed Program

Name:

remote utilities - host

The file rutserv.exe has been discovered within the following program.

Remote Utilities - Host by Usoris Systems LLC

www.remoteutilities.com

About 8% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP:

Connects to CL-T136-074CN (70.38.38.43:5655)

Remove rutserv.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.