revosetup.exe

Revo Uninstaller Setup

VS Revo Group Ltd.

The executable revosetup.exe has been detected as malware by 11 anti-virus scanners. The program is a setup application built with the Nullsoft Scriptable Install System (NSIS); however, the file is not signed with an Authenticode signature from a trusted publisher. It is infected by an entry-point obscuring polymorphic file infector (identified by most engines as Sality) that joins the compromised host to a peer-to-peer botnet and receives URLs of additional files to download.
Publisher:
VS Revo Group Ltd.

Product:
Revo Uninstaller Setup

Version:
1.9.5.0

MD5:
85c15c6a7eb9ab102779b9d73e7fb4c3

SHA-1:
a7ff6fea95a5fcb6eb83b909a68370e3f5583659

SHA-256:
47edd89841ed30bbf5ce29216fb806db1367b2d217c19d4562113fca26da496d

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
5/10/2024 8:05:02 AM UTC

Scan engine                      Detection                  Engine version
avast!                           Kukacka                    2014.9-150802
AVG                              Win32/Sality               2016.0.3029
Bkav FE                          W32.Sality.PE              1.3.0.4959
Dr.Web                           Win32.Sector.11            9.0.1.0214
Emsisoft Anti-Malware            Win32.Sality.OG            8.15.08.02.01
ESET NOD32                       Win32/Sality.NAU virus     9.7.0.302.0
F-Prot                           W32/Sality.AK              v6.4.6.5.141
Microsoft Security Essentials    Threat.Undefined           1.187.1386.0
MicroWorld eScan                 Win32.Sality.OG            16.0.0.642
nProtect                         Win32.Sality.OG            14.11.05.01
VIPRE Antivirus                  Threat.416209              34232

File size:
2.6 MB (2,693,288 bytes)

Copyright:
Copyright VS Revo Group

Trademarks:
Revo Uninstaller is a trademark of VS Revo Group

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\revosetup.exe

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:agKj1BodkgV5aaBS8lY72jt36SOHmQtggHwWmlZ0/Hv:n+BCvJSY6SOvaMY4v

Entry address:
0x30CB

Entry point:
34, 5F, F6, C2, 50, 09, FE, 85, FA, 49, F7, C3, A4, 65, 30, 88, F3, 11, CB, 81, FF, BF, D6, 00, 00, 76, 05, 80, C7, 77, 2A, DB, 69, DB, A5, B3, 05, A2, FF, C7, 6B, FF, 00, 0F, B7, C5, 69, D5, BF, 94, 5D, 1D, 0F, AF, D7, 69, EE, 9A, 4F, 69, 75, F6, C7, 02, 81, C7, E0, FC, FE, FF, B5, 7A, 87, F0, 85, DE, 81, C7, 21, 03, 01, 00, 8A, D7, 89, C2, 0F, AF, DB, F3, B3, BB, B0, C6, 81, FF, 36, 03, 00, 00, 0F, 82, C1, FF, FF, FF, 72, 03, 85, CF, 4D, 68, CC, 67, 86, 00, 57, B8, A0, 62, 41, F3, 84, FC, 85, D2, E8, 1C...

Entropy:
7.9925  (probably packed)

Code size:
22.5 KB (23,040 bytes)
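The checks a practitioner would run on a downloaded installer against the fields above (hash comparison, which section the entry point lands in, the entropy of that section, and whether an Authenticode signature table is present), as an added example in Python using only the standard library. It is not Reason Core Security's code. KNOWN_BAD_SHA256 carries the SHA-256 listed above; build_sample_pe() constructs a synthetic, non-runnable PE that reproduces the reported traits (entry point in a writable, high-entropy last section, no signature) so the script runs offline, and passing a real file path triages that file instead. The signature check only tests for the PE security data directory; it does not validate the certificate chain, which is what Get-AuthenticodeSignature or signtool verify are for.

```python
import hashlib
import json
import math
import struct
import sys

# SHA-256 reported above for the infected revosetup.exe; a match ends the triage.
KNOWN_BAD_SHA256 = {
    "47edd89841ed30bbf5ce29216fb806db1367b2d217c19d4562113fca26da496d":
        "revosetup.exe 1.9.5.0, Sality-infected copy",
}
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes; >7.0 suggests packing."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Minimal PE32/PE32+ header walk: entry point RVA, section table, security directory."""
    pe_off = struct.unpack_from("<I", data, 0x3C)[0] if data[:2] == b"MZ" else -1
    if pe_off < 0 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE executable")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe_off + 6)
    opt = pe_off + 24
    magic, entry_rva = struct.unpack_from("<H14xI", data, opt)
    # Data directories begin at opt+96 (PE32) or opt+112 (PE32+); index 4 is the
    # security directory that points at the Authenticode WIN_CERTIFICATE blob, if any.
    dirs = opt + (96 if magic == 0x10B else 112)
    sec_ptr, sec_size = struct.unpack_from("<II", data, dirs + 4 * 8)
    sections = []
    for i in range(nsec):
        off = opt + opt_size + i * 40
        name, vsize, vaddr, rawsize, rawptr, chars = struct.unpack_from("<8sIIII12xI", data, off)
        sections.append(dict(name=name.rstrip(b"\0").decode("ascii", "replace"), vaddr=vaddr,
                             vsize=vsize, rawptr=rawptr, rawsize=rawsize, chars=chars))
    return {"entry_rva": entry_rva, "sections": sections, "security_dir": (sec_ptr, sec_size)}


def triage(data: bytes) -> dict:
    """The checks worth running before trusting an unsigned installer."""
    pe = parse_pe(data)
    hashes = {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}
    report = {"hashes": hashes, "known_bad": KNOWN_BAD_SHA256.get(hashes["sha256"]),
              "signed": pe["security_dir"][1] > 0, "entry_section": None,
              "entry_entropy": None, "flags": []}
    secs, rva = pe["sections"], pe["entry_rva"]
    for i, s in enumerate(secs):
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            body = data[s["rawptr"]:s["rawptr"] + s["rawsize"]]
            report["entry_section"] = s["name"]
            report["entry_entropy"] = round(shannon_entropy(body), 4)
            if len(secs) > 1 and i == len(secs) - 1:
                report["flags"].append("entry point in last section (appended code)")
            if s["chars"] & IMAGE_SCN_MEM_WRITE:
                report["flags"].append("entry section is writable (self-decrypting code)")
            if report["entry_entropy"] > 7.0:
                report["flags"].append("entry section entropy > 7.0 (packed or encrypted)")
            break
    else:
        report["flags"].append("entry point lies outside every section")
    if not report["signed"]:
        report["flags"].append("no Authenticode signature table")
    if report["known_bad"]:
        report["flags"].append("SHA-256 matches known-bad sample: " + report["known_bad"])
    return report


def build_sample_pe() -> bytes:
    """Constructed PE32 (two sections, no security directory, not runnable) mirroring the traits above."""
    text = b"\xC3" * 512                                    # .text: one RET, zero entropy
    last, h = bytearray(), b"constructed-demo"              # .last: SHA-256 chain as filler
    while len(last) < 4096:
        h = hashlib.sha256(h).digest()
        last += h
    sections = [(b".text", 0x1000, 512, 0x60000020),        # code | exec | read
                (b".last", 0x2000, 4096, 0xE0000020)]       # code | exec | read | write
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)         # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, 0x2000 + 0x10)          # AddressOfEntryPoint in .last
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes, all zero
    table, raw = b"", 512
    for name, vaddr, size, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name, size, vaddr, size, raw, 0, 0, 0, 0, chars)
        raw += size
    header = dos + b"PE\0\0" + coff + bytes(opt) + table
    return header.ljust(512, b"\0") + text + bytes(last[:4096])


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(triage(blob), indent=2))
```

Run it as `python triage.py revosetup.exe` to get a report for a real file; with no argument it triages the constructed sample, which trips the same flags the page reports (entry point in the last section, writable entry section, entropy above 7.0, no signature table). A hash match against KNOWN_BAD_SHA256 is the cheapest and most certain signal, so it is checked first; the entropy and entry-point checks are heuristics that also fire on legitimately packed installers and should be read together with the signature result rather than alone.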

Remove revosetup.exe - Powered by Reason Core Security