rutserv.exe

Remote Utilities

Usoris Systems LLC

The application rutserv.exe by Usoris Systems has been detected as a potentially unwanted program by 6 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “Windows Media Driver”. While running, it connects to the Internet address CL-T136-074CN on port 5655.
Publisher:
Usoris Systems LLC  (signed and verified)

Product:
Remote Utilities

Version:
6.3.0.6

MD5:
8849e71977035491dd8f6072dba0aae0

SHA-1:
ec7fc1dd9c37350b63f858787c4de3832ee9b9a1

SHA-256:
0955039154beb37af1c96e2b17af07de48650279a588e8504a95847192c5cadb

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
7/12/2025 8:24:41 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | BDS/Backdoor.Gen2 | 8.3.2.4
ESET NOD32 | Win32/RemoteAdmin.RemoteUtilities.D potentially unsafe (variant) | 10.12645
Kaspersky | not-a-virus:RemoteAdmin.Win32.RMS | 14.0.0.670
NANO AntiVirus | Trojan.Win32.RemoteAdmin.dyvtue | 0.30.26.4751
Qihoo 360 Security | HEUR/QVM05.1.Malware.Gen | 1.0.0.1077
VIPRE Antivirus | Trojan.Win32.Generic | 45518

File size:
6 MB (6,300,584 bytes)

Product version:
6.3.0.6

Copyright:
Copyright © 2015 Usoris Systems LLC All rights reserved.

Trademarks:
Usoris Systems LLC, Remote Utilities

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\drvset\rutserv.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
7/1/2015 5:00:00 AM

Valid to:
7/5/2016 5:00:00 PM

Subject:
CN=Usoris Systems LLC, O=Usoris Systems LLC, L=Victoria, S=Mahe, C=SC

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
045C13C254346C04EF3304E6ACD100C5

File PE Metadata
Compilation timestamp:
7/2/2015 2:01:36 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:Y+nzXpubLPa4D8S0Qhqc43geRZsUHqDUNBFUc/5fwsDalXbtcHQz1SjhjByMTgTp:Y+bkiFIqw96EchalLtcHQzE+5U8

Entry address:
0x502790

Entry point:
55, 8B, EC, 83, C4, F0, B8, BC, 92, 8E, 00, E8, 0C, D7, B0, FF, E8, B3, 50, FE, FF, E8, 56, 7A, B0, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
5 MB (5,248,512 bytes)

Service
Display name:
Windows Media Driver

Service name:
RManService

Description:
Authorization for signed Windows Media files

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to CL-T136-074CN  (70.38.38.43:5655)
