dsrvprn.exe

Acai Tech Ltd

The application dsrvprn.exe by Acai Tech has been detected as adware by 2 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “dsrvprn”.
Publisher:
Acai Tech Ltd  (signed and verified)

MD5:
c4a0b6e6e27199d38bf54dfc0df81ec7

SHA-1:
c792ab43aaaf119df1b7c3286a91ee37fceb1373

SHA-256:
18c49f7eb688a6bbf58318fe6cfc96fb5432108bb0f9d32b9e92e2fe2706c316

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/23/2024 3:17:16 PM UTC

Scan engine              Detection                 Engine version
AegisLab AV Signature    W32.Alman                 2.1.4+
Reason Heuristics        PUP.Service.AcaiTech.H    14.11.21.23

File size:
251.8 KB (257,848 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\dsrvprn.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/21/2014 7:00:00 PM

Valid to:
9/22/2015 6:59:59 PM

Subject:
CN=Acai Tech Ltd, O=Acai Tech Ltd, STREET=Rakefet 19, L=Hod Hasharon, S=Sharon, PostalCode=4520634, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
189E85B982528243713729AC8244D22C

File PE Metadata
Compilation timestamp:
11/2/2014 7:56:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:uY/L+rtmbaMcDh0UG++NSF6gWQMSbtz8tCFMi1:lzpbaFnJO0hBzQwMi

Entry address:
0x10068

Entry point:
E8, CA, 56, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, 83, 66, 04, 00, C7, 06, 4C, 02, 42, 00, C6, 46, 08, 00, FF, 30, E8, A8, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 8B, 45, 08, C7, 01, 4C, 02, 42, 00, 8B, 00, 89, 41, 04, C6, 41, 08, 00, 8B, C1, 5D, C2, 08, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, 83, 66, 04, 00, C7, 06, 4C, 02, 42, 00, C6, 46, 08, 00, E8, 12, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 4C, 02, 42, 00, E9, 96, 00, 00, 00, 55, 8B, EC, 56, 57, 8B, 7D, 08...
 

Entropy:
5.6848

Code size:
118 KB (120,832 bytes)

Service
Display name:
dsrvprn

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-241-254-192.us-west-1.compute.amazonaws.com  (54.241.254.192:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (52.216.18.128:80)
