» RSRemote.EXE
Overview
Analysis
File Details
Behaviors (1)

RSRemote.EXE

RSRemote 应用程序

Fuzhou Returnstar Technology Co.,Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘RSRemote’.

File name:

RSRemote.EXE

Publisher:

Fuzhou Returnstar Technology Co.,Ltd (signed and verified)

Product:

RSRemote 应用程序

Description:

RSRemote Microsoft 基础类应用程序

Version:

1, 0, 0, 1

MD5:

065f766d872d876d0bf49c2f38bc2ea5

SHA-1:

a15d9dbfef17e6c24d913ede166b239b2de5e3f8

SHA-256:

e16bf5c4e6401ff343e9a008085dae66e47af0a69ea0e4a462861507b4916005

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

1/14/2025 11:19:48 PM UTC (a few moments ago)

File size:

42.4 KB (43,408 bytes)

Product version:

1, 0, 0, 1

Original file name:

RSRemote.EXE

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, China)

Common path:

C:\Program Files\iq interactive education platform resource\resent\rsremote.exe

Digital Signature

Signed by:

Fuzhou Returnstar Technology Co.,Ltd

Authority:

VeriSign, Inc.

Valid from:

5/23/2012 7:00:00 AM

Valid to:

5/24/2015 6:59:59 AM

Subject:

CN="Fuzhou Returnstar Technology Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Fuzhou Returnstar Technology Co.,Ltd", L=Fujian, S=Fuzhou, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

049F218C42F9D0481EE774CF9C70A1BF

File PE Metadata

Compilation timestamp:

4/24/2013 6:14:33 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x456C

Entry point:

55, 8B, EC, 6A, FF, 68, B0, 57, 40, 00, 68, F8, 46, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 10, 52, 40, 00, 59, 83, 0D, 80, 73, 40, 00, FF, 83, 0D, 84, 73, 40, 00, FF, FF, 15, 0C, 52, 40, 00, 8B, 0D, 74, 73, 40, 00, 89, 08, FF, 15, 08, 52, 40, 00, 8B, 0D, 70, 73, 40, 00, 89, 08, A1, 1C, 52, 40, 00, 8B, 00, A3, 7C, 73, 40, 00, E8, 1C, 01, 00, 00, 39, 1D, E8, 70, 40, 00, 75, 0C, 68, F4, 46, 40, 00, FF, 15, 20, 52... 
[+]

Entropy:

4.8973

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

16 KB (16,384 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

RSRemote

Command:

"C:\Program Files\iq interactive education platform resource\resent\rsremote.exe"

Scan RSRemote.EXE - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.