Overview

overview

8

Static

static

3

Revo.Unins....0.exe

windows7-x64

8

Revo.Unins....0.exe

windows10-2004-x64

7

$EXEDIR/Re...xt.dll

windows7-x64

7

$EXEDIR/Re...xt.dll

windows10-2004-x64

7

$EXEDIR/Re...ar.exe

windows7-x64

1

$EXEDIR/Re...ar.exe

windows10-2004-x64

1

$EXEDIR/Re...md.exe

windows7-x64

6

$EXEDIR/Re...md.exe

windows10-2004-x64

6

$EXEDIR/Re...ro.exe

windows7-x64

1

$EXEDIR/Re...ro.exe

windows10-2004-x64

1

$EXEDIR/Re...lt.sys

windows7-x64

1

$EXEDIR/Re...lt.sys

windows10-2004-x64

1

$EXEDIR/Re...lt.sys

windows10-2004-x64

1

$EXEDIR/Re...lt.sys

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

RUExt.dll

windows7-x64

7

RUExt.dll

windows10-2004-x64

7

RevoAppBar.exe

windows7-x64

1

RevoAppBar.exe

windows10-2004-x64

1

RevoCmd.exe

windows7-x64

6

RevoCmd.exe

windows10-2004-x64

6

RevoUnPro.exe

windows7-x64

1

RevoUnPro.exe

windows10-2004-x64

1

Vista/revoflt.sys

windows7-x64

1

Vista/revoflt.sys

windows10-2004-x64

1

Win10/revoflt.sys

windows10-2004-x64

1

revoflt.sys

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Revo.Uninstaller.Pro.v5.3.0.exe

  • Size

    20.7MB

  • MD5

    ab260bfafed128f7519aaca44e8482da

  • SHA1

    ccef21b5db0834698fc75d2b9f249e298bc050b5

  • SHA256

    72a070524c85666844ca7ee14f2e9280faabda2664dcc3bfde927ac67c66fc61

  • SHA512

    33ec4e2f8cefaf1e523dc1d705576ad04c74df4d3ed3aee4f6d4cf4ef83f24ee862dfc30552a0219109fa1548a10c31ce2310a418593013537d56cba6c122f3a

  • SSDEEP

    393216:6v24Hctnm9hV2y4dl7IAo+hZNPCX+O/3/qDAtrBbx/jasTuYBnTJ/tlfkBaEUUE+:6HHHV/4dlDo+hL4+OvSDQFxmsTuY1TJW

Score
3/10

Malware Config

Signatures

  • Unsigned PE 4 IoCs

    Checks for missing Authenticode signature.

Files

  • Revo.Uninstaller.Pro.v5.3.0.exe
    .exe windows:4 windows x86 arch:x86

    9dda1a1d1f8a1d13ae0297b47046b26e


    Headers

    Imports

    Sections

  • $EXEDIR/RevoUninstallerProPortable/x64/RUExt.dll
    .dll regsvr32 windows:6 windows x64 arch:x64

    e8380fe624937c4f0223062d30630ef4


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $EXEDIR/RevoUninstallerProPortable/x64/RevoAppBar.exe
    .exe windows:6 windows x64 arch:x64

    d628a171ed0532553d466e975d330c62


    Code Sign

    Headers

    Imports

    Sections

  • $EXEDIR/RevoUninstallerProPortable/x64/RevoCmd.exe
    .exe windows:6 windows x64 arch:x64

    a41c0213a16d25e572012f132104c010


    Code Sign

    Headers

    Imports

    Sections

  • $EXEDIR/RevoUninstallerProPortable/x64/RevoUnPro.exe
    .exe windows:6 windows x64 arch:x64

    83363d77f2ea9d456b8e93bcc214ec4c


    Code Sign

    Headers

    Imports

    Sections

  • $EXEDIR/RevoUninstallerProPortable/x64/Vista/revoflt.inf
  • $EXEDIR/RevoUninstallerProPortable/x64/Vista/revoflt.sys
    .sys windows:6 windows x64 arch:x64

    cf10e28779d15c617f6ed3021cd35fa6


    Code Sign

    Headers

    Imports

    Sections

  • $EXEDIR/RevoUninstallerProPortable/x64/Win10/revoflt.inf
  • $EXEDIR/RevoUninstallerProPortable/x64/Win10/revoflt.sys
    .sys windows:10 windows x64 arch:x64

    9b2fb7939e09d145148dabcd9e6beedb


    Code Sign

    Headers

    Imports

    Sections

  • $EXEDIR/RevoUninstallerProPortable/x64/revoflt.inf
  • $EXEDIR/RevoUninstallerProPortable/x64/revoflt.sys
    .sys windows:10 windows x64 arch:x64

    9b2fb7939e09d145148dabcd9e6beedb


    Code Sign

    Headers

    Imports

    Sections

  • $EXEDIR/RevoUninstallerProPortable/x86/Vista/revoflt.inf
  • $EXEDIR/RevoUninstallerProPortable/x86/Win10/revoflt.inf
  • $EXEDIR/RevoUninstallerProPortable/x86/revoflt.inf
  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    509a34b3a68a773e0afb4259e68f9f82


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    68b7023f8923dd087549802f8fa631c3


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsProcess.dll
    .dll windows:5 windows x86 arch:x86

    439074d1c01f7b16781bdf060930814a


    Headers

    Imports

    Exports

    Sections

  • License.txt
  • RUExt.dll
    .dll regsvr32 windows:6 windows x64 arch:x64

    e8380fe624937c4f0223062d30630ef4


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • RevoAppBar.exe
    .exe windows:6 windows x64 arch:x64

    d628a171ed0532553d466e975d330c62


    Code Sign

    Headers

    Imports

    Sections

  • RevoCmd.exe
    .exe windows:6 windows x64 arch:x64

    a41c0213a16d25e572012f132104c010


    Code Sign

    Headers

    Imports

    Sections

  • RevoUnPro.exe
    .exe windows:6 windows x64 arch:x64

    83363d77f2ea9d456b8e93bcc214ec4c


    Code Sign

    Headers

    Imports

    Sections

  • Vista/revoflt.inf
  • Vista/revoflt.sys
    .sys windows:6 windows x64 arch:x64

    cf10e28779d15c617f6ed3021cd35fa6


    Code Sign

    Headers

    Imports

    Sections

  • Win10/revoflt.inf
  • Win10/revoflt.sys
    .sys windows:10 windows x64 arch:x64

    9b2fb7939e09d145148dabcd9e6beedb


    Code Sign

    Headers

    Imports

    Sections

  • revoflt.inf
  • revoflt.sys
    .sys windows:10 windows x64 arch:x64

    9b2fb7939e09d145148dabcd9e6beedb


    Code Sign

    Headers

    Imports

    Sections

  • x64/RUExt.dll
    .dll regsvr32 windows:6 windows x64 arch:x64

    e8380fe624937c4f0223062d30630ef4


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • x64/RevoAppBar.exe
    .exe windows:6 windows x64 arch:x64

    d628a171ed0532553d466e975d330c62


    Code Sign

    Headers

    Imports

    Sections

  • x64/RevoCmd.exe
    .exe windows:6 windows x64 arch:x64

    a41c0213a16d25e572012f132104c010


    Code Sign

    Headers

    Imports

    Sections

  • x64/RevoUnPro.exe
    .exe windows:6 windows x64 arch:x64

    83363d77f2ea9d456b8e93bcc214ec4c


    Code Sign

    Headers

    Imports

    Sections

  • x64/Vista/revoflt.inf
  • x64/Vista/revoflt.sys
    .sys windows:6 windows x64 arch:x64

    cf10e28779d15c617f6ed3021cd35fa6


    Code Sign

    Headers

    Imports

    Sections

  • x64/Win10/revoflt.inf
  • x64/Win10/revoflt.sys
    .sys windows:10 windows x64 arch:x64

    9b2fb7939e09d145148dabcd9e6beedb


    Code Sign

    Headers

    Imports

    Sections

  • x64/revoflt.inf
  • x64/revoflt.sys
    .sys windows:10 windows x64 arch:x64

    9b2fb7939e09d145148dabcd9e6beedb


    Code Sign

    Headers

    Imports

    Sections

  • x86/Vista/revoflt.inf
  • x86/Win10/revoflt.inf
  • x86/revoflt.inf