revo uninstaller.exe

RAPIDDOWN

The application revo uninstaller.exe by RAPIDDOWN has been detected as adware by 18 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from dl.softohqimjjedf0jq.net.
Publisher:
RAPIDDOWN  (signed and verified)

Description:
DownloaddMger

Version:
1.0.0.27

MD5:
f15fe48200ddd9427ac728a629a8bda4

SHA-1:
62eafce093f5568e115c75295e472570dfe4c24c

SHA-256:
c023e2ad1dab85c934a5bf68f76fdb7b2a1a7f299102ba49d910f19fba60dc3f

Scanner detections:
18 / 68

Status:
Adware

Explanation:
This will bundle various adware such as the Whitesmoke Toolbar and Iminent Toolbar. "These offers will be displayed depending on the user's location as well as the configuration of his/her PC, considered normal to display 2-3 offers. Additionally, the download manager offers the optional installation of a toolbar."

Analysis date:
4/26/2024 1:27:57 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Dropper.Gen | 7.11.125.100
avast! | Win32:Rapiddown-A [PUP] | 2014.9-140109
AVG | MalSign.Generic | 2015.0.3599
Comodo Security | Application.Win32.Bechiro.BCD | 17618
Dr.Web | Trojan.DownLoader11.3153 | 9.0.1.09
ESET NOD32 | Win32/FirseriaInstaller (variant) | 8.9295
G Data | Win32.Application.Craftor | 14.1.24
herdProtect (fuzzy) | | 2014.1.9.13
IKARUS anti.virus | not-a-virus:Downloader.Win32.Morstar | t3scan.2.2.29
Kaspersky | not-a-virus:Downloader.Win32.Morstar | 14.0.0.4492
Malwarebytes | PUP.Optional.Firseria | v2014.01.15.04
NANO AntiVirus | Trojan.Win32.Morstar.csnpwt | 0.28.0.57029
Panda Antivirus | Adware/Fiseria | 14.01.15.04
Reason Heuristics | PUP.RAPIDDOWN.Q | 14.8.7.21
Rising Antivirus | PE:PUF.FirseriaInstaller@CV!1.9C54 | 23.00.65.14107
Sophos | Solimba Installer | 4.96
Vba32 AntiVirus | Downloader.Morstar | 3.12.24.3
VIPRE Antivirus | Trojan.Win32.Generic | 25452

File size:
173.9 KB (178,024 bytes)

Product version:
3.0.26

Copyright:
copyright·©·2013

Original file name:
¡nstal·exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\revo uninstaller.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
11/26/2013 7:00:00 PM

Valid to:
12/1/2014 7:00:00 AM

Subject:
CN=RAPIDDOWN, O=RAPIDDOWN, L=Badalona, S=Barcelona, C=ES

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
02E94F6B0DC7BF53B8B6341C02DE4104

File PE Metadata
Compilation timestamp:
12/20/2013 6:22:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:MXhaoP7Ddc4kJ5sXegDChJo8p8+EOjBPD3hSEE9TCcGZflRJueUhVQqWKBGoutbv:Lf5gtCh2dLOjBT8E2fG1l3jcwKMoSJN

Entry address:
0x62F90

Entry point:
60, BE, 00, F0, 43, 00, 8D, BE, 00, 20, FC, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 1A, 03, 06, 00, 57, 83, C3, 04, 53, 68, 86, 3F, 02, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

Entropy:
7.8820  (probably packed)

Code size:
148 KB (151,552 bytes)

The file revo uninstaller.exe has been seen being distributed by the following URL.
