4f7fc082c3d3eb9e53e4b577e0ea01a10aa91338955214f8245888077ff98edb

Analysis

max time kernel
31s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2023, 19:19

Target

Revo Uninstaller Pro 5.1.1 Portable Win x64/RevoUninstallerProPortable.exe
Size

172KB
MD5

984f51ec99705062fe068dc4bef3fbbc
SHA1

2a617dfdee0d0bdf76556a2d0a3bd1f27e9038a5
SHA256

ec8070594d12fd76aaf18476488e3f24ecdb08830d26004ef6b90e41abda6fd9
SHA512

68e029bd81a147df137cc0d8abca472b826856fcbab5470fbe9fe63d866a3fffe6f1002d10c0a1cdf31b275dee5b5ed188d750325eb99f05848d953bd28f7edb
SSDEEP

3072:QZS1ODHhmmm/DiLgweak5yJcDK5io5RljzolzXZSx09FeR:QS1pU4qjzoVkx2s

Score

1^/10

Suspicious use of SetWindowsHookEx 4 IoCs

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 1528	1496	RevoUninstallerProPortable.exe	82
PID 1496 wrote to memory of 1528	1496	RevoUninstallerProPortable.exe	82

C:\Users\Admin\AppData\Local\Temp\Revo Uninstaller Pro 5.1.1 Portable Win x64\RevoUninstallerProPortable.exe
"C:\Users\Admin\AppData\Local\Temp\Revo Uninstaller Pro 5.1.1 Portable Win x64\RevoUninstallerProPortable.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Users\Admin\AppData\Local\Temp\Revo Uninstaller Pro 5.1.1 Portable Win x64\x64\RevoUnPro.exe
  "C:\Users\Admin\AppData\Local\Temp\Revo Uninstaller Pro 5.1.1 Portable Win x64\x64\RevoUnPro.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1528

C:\Users\Admin\AppData\Local\Temp\Revo Uninstaller Pro 5.1.1 Portable Win x64\settings.ini

Filesize
897B

MD5
544da5c7fe8d8339dfeefbb043252565

SHA1
1955691a45abde033b1cb4d9c1d91c5b314b5c36

SHA256
a00fea31e752718109a04a2c3152255ed41af6237f5a72f68bd17a40f8ba1aa7

SHA512
7880a0fad9b668d54c6017ffc7f731e704452146e69edcd5696589cf772d1706a1ee82cb0695b2dab9819f6fdb5b951f7333f67a29705596613bfee1a9e153c7

Download Submit