Reverse.exe

Reverse Direction

Home

The application Reverse.exe has been detected as a potentially unwanted program by 28 anti-malware scanners. The file has been seen being downloaded from neocity1.free.fr.
Publisher: Home

Product: Reverse Direction

Version: 1.00.0002

MD5: d2c83810b45af9d1b0f80fb637f8956e

SHA-1: bb7518b03fe4fb9a46c64a5495c54cbc41c1c69b

SHA-256: c4642170f2215a461d799113ff417bc2231cc5d6626418b298f3b00f94c380d2

Scanner detections: 28 / 68

Status: Potentially unwanted

Analysis date: 4/25/2024 5:34:59 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.Provis | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/Agent2.M.14848 | 2013.11.15 |
| Avira AntiVirus | JOKE/VB.H | 7.11.121.222 |
| avast! | Win32:Malware-gen | 2014.9-130829 |
| Baidu Antivirus | Trojan.Win32.Provis | 4.0.3.131127 |
| Bitdefender | Application.Annoyance.A | 1.0.20.1205 |
| Bkav FE | W32.Clodb90.Trojan | 1.3.0.4613 |
| Clam AntiVirus | Joke.Reverse | 0.98/18355 |
| Comodo Security | UnclassifiedMalware | 17491 |
| Dr.Web | Joke.Reverse | 9.0.1.0331 |
| Fortinet FortiGate | W32/Generic!tr | 8/29/2013 |
| F-Prot | W32/Trojan2.MLQI | v6.4.7.1.166 |
| F-Secure | Application.Annoyance.A | 11.2013-29-08_5 |
| G Data | Application.Annoyance | 13.8.22 |
| IKARUS anti.virus | Trojan.Win32.Provis | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.174.10623 |
| Malwarebytes | Trojan.Provis | v2013.08.29.12 |
| McAfee | Generic VB | 5600.7181 |
| Microsoft Security Essentials | Trojan:Win32/Provis!rts | 1.165.247.01 |
| MicroWorld eScan | Application.Annoyance.A | 14.0.0.723 |
| NANO AntiVirus | Riskware.Win32.Reverse.vozvn | 0.28.0.57029 |
| Norman | Suspicious_Gen2.USJTA | 11.20130829 |
| Panda Antivirus | Trj/Genetic.gen | 13.08.29.12 |
| Reason Heuristics | Unnamed.Threat.65 | 14.3.1.0 |
| Sophos | Mal/Generic-L | 4.96 |
| Trend Micro House Call | JOKE_VB | 7.2.331 |
| Trend Micro | JOKE_VB | 10.465.29 |
| VIPRE Antivirus | Joke Program (not malicious) | 24708 |

File size: 14.5 KB (14,848 bytes)

Product version: 1.00.0002

Copyright: Dennis Software

Original file name: Reverse.exe

File type: Executable application (Win32 EXE)

Language: Chinese (Traditional, Taiwan)

Common path: C:\users\{user}\downloads\reverse.exe

File PE Metadata

Compilation timestamp: 8/19/1998 8:20:42 AM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 4.20

CTPH (ssdeep): 192:I9PxGdwAYli6hhSQ99uo1ImBiqzcIeJVZ86bDMV39Di0iU0f:E6XYcK599uYj0qwhbhXuDiq0f

Entry address: 0x113C

Entry point:
68, F0, 12, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 36, 31, A0, E9, BA, 37, D2, 11, 9A, 0B, A0, EE, 05, C1, 05, 38, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 01, C5, 30, A0, E9, BA, 37, D2, 11, 9A, 0B, A0, EE, 05, C1, 05, 38, C6, 30, A0, E9, BA, 37, D2, 11, 9A, 0B, A0, EE, 05, C1, 05, 38, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Entropy: 4.7624

Developed / compiled with: Microsoft Visual Basic v5.0

Code size: 8 KB (8,192 bytes)

The file Reverse.exe has been seen being distributed by the following URL.
