» tsvr.exe
Overview
Analysis
File Details
Behaviors (1)

tsvr.exe

Trend Service

Wenchao Zhang

The application tsvr.exe by Wenchao Zhang has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “IhPul”.

File name:

tsvr.exe

Publisher:

Trend Corp. (signed by Wenchao Zhang)

Product:

Trend Service

Description:

Service

Version:

3.0.0.61

MD5:

a4823d2ef33f5d07adf2c710b6ce64fa

SHA-1:

e40a9f9fb10da9b9f76a4c87d363323efce77962

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/27/2024 4:26:33 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Elex (M)

16.10.22.9

File size:

374.5 KB (383,444 bytes)

Product version:

3.0.0.61

Original file name:

TSvr

File type:

Executable application (Win32 EXE)

Language:

Chinese

Common path:

C:\Documents and Settings\{user}\Application data\setup1\tsvr.exe

Digital Signature

Signed by:

Wenchao Zhang

Authority:

thawte, Inc.

Valid from:

9/5/2016 2:00:00 AM

Valid to:

6/9/2017 1:59:59 AM

Subject:

CN=Wenchao Zhang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

7CB55FC93FD558DCF3695EC30265298F

File PE Metadata

Compilation timestamp:

9/2/2016 12:00:53 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

6144:9dAHDkVdaxObz46Vp/rTyuaJD++L+35RiKgAos/4Jo:9Uk3ar6VlrTyxDfjKio

Entry address:

0x34000

Entry point:

90, 68, 74, A0, 07, 00, 59, BE, 1A, 40, 43, 00, 90, 68, 98, 05, 00, 00, 5F, 31, 0C, 3E, 83, EF, 04, 75, F8, 90, 90, 90, 9C, DD, 06, 00, 74, A0, 07, 00, 74, A0, 47, 00, FE, 0B, 06, 00, A4, 82, 04, 00, A0, 89, 04, 00, 74, 10, 05, 00, 75, A0, 07, 00, 14, 40, 46, 00, EA, 82, 45, 00, CE, 82, 45, 00, F0, A5, 05, 00, E8, 82, 05, 00, CC, 82, 05, 00, 14, 68, 06, 00, E8, 82, 05, 00, CC, 82, 05, 00, 74, A0, 07, 00, 74, A0, 07, 00, 74, A0, 07, 00, 74, A0, 07, 00, 74, A0, 07, 00, 74, A0, 07, 00, 74, A0, 07, 00, 74, A0... 
[+]

Entropy:

7.2670

Code size:

113 KB (115,712 bytes)

Service

Display name:

IhPul

Type:

Win32OwnProcess

Remove tsvr.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.