» rutserv.exe
Overview
Analysis
File Details
Behaviors (1)

rutserv.exe

Remote Manipulator System

Usoris Systems

The application rutserv.exe by Usoris Systems has been detected as a potentially unwanted program by 12 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Automatic Updatewin”.

File name:

rutserv.exe

Publisher:

TektonIT (signed by Usoris Systems)

Product:

Remote Manipulator System

Description:

RMS

Version:

6.3.0.5

MD5:

c4761c13f4ea4b3de3b8d36990504524

SHA-1:

2fadd8579bda156193c3ea276e1e20969b9b48d5

SHA-256:

395b54490b4e760d14a03b3df11a51e9a6fa4fa0cfe88922d7819d800631c7f6

Scanner detections:

12 / 68

Status:

Potentially unwanted

Analysis date:

7/13/2025 2:47:41 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.RemoteAdmin.DK

7.1.1

AhnLab V3 Security

Unwanted/Win32.RemoteAdmin

2016.03.09

Avira AntiVirus

BDS/Backdoor.Gen2

8.3.3.2

AVG

RemoteAdmin

2017.0.2802

Bkav FE

W32.HfsAdware

1.3.0.7717

ESET NOD32

Win32/RemoteAdmin.RemoteUtilities.D potentially unsafe (variant)

10.13148

G Data

Win32.Application.Agent.T8CBAG

16.3.25

Kaspersky

not-a-virus:RemoteAdmin.Win32.RMS

14.0.0.506

Panda Antivirus

Generic Suspicious

16.03.16.05

Qihoo 360 Security

Win32/Virus.RemoteAdmin.cac

1.0.0.1120

Rising Antivirus

PE:Malware.Generic(Thunder)!1.A1C4 [F]

23.00.65.16314

VIPRE Antivirus

Trojan.Win32.Generic

47736

File size:

6 MB (6,300,600 bytes)

Product version:

6.3.0.5

Trademarks:

Remote Manipulator System, TektonIT

File type:

Executable application (Win32 EXE)

Common path:

C:\windows\ehome\ascon\rutserv.exe

Digital Signature

Signed by:

Usoris Systems

Authority:

Symantec Corporation

Valid from:

2/2/2015 2:00:00 AM

Valid to:

5/4/2017 2:59:59 AM

Subject:

CN=Usoris Systems, O=Usoris Systems, L=Victoria, S=Mahe, C=SC

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

2810859351B08906D00293C09A255A

File PE Metadata

Compilation timestamp:

6/26/2015 3:14:36 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:5+nzXENbLPa4D8S0Qhqc43geRZsUHqDUNBF4cAG677wyZmZ9qnMh9v7/G5yr3qT3:5+bwiFIqw96IcnyZmZ9qnMh9z/be

Entry address:

0x5027BC

Entry point:

55, 8B, EC, 83, C4, F0, B8, E8, 93, 8E, 00, E8, E0, D6, B0, FF, E8, C7, 51, FE, FF, E8, 2A, 7A, B0, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 32, 13, 00, 00, 00, 19, 00, 00, 02, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

5 MB (5,249,024 bytes)

Service

Display name:

Automatic Updatewin

Service name:

RManService

Description:

Type:

Win32OwnProcess

Remove rutserv.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.