» revs.exe
Overview
Analysis
File Details
Network (3)

revs.exe

The application revs.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs.

File name:

revs.exe

MD5:

493fa67fcf78db67befe5b57f624da13

SHA-1:

ba343430cae8bc6345e0b53e59e241abbd66457a

SHA-256:

38e9d39b07c20585f5f4d61abc2542e8b3259232d7161dd04b82be736f98e2e3

Scanner detections:

13 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

5/7/2024 11:04:21 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.OutBrowse

7.1.1

Baidu Antivirus

Adware.Win32.OutBrowse

4.0.3.1499

Dr.Web

Trojan.Packed.28499

9.0.1.0252

ESET NOD32

Win32/OutBrowse.AB (variant)

8.10378

IKARUS anti.virus

PUA.OutBrowse

t3scan.1.7.5.0

K7 AntiVirus

Trojan

13.183.13286

Kaspersky

not-a-virus:AdWare.Win32.OutBrowse

14.0.0.3276

McAfee

Artemis!493FA67FCF78

5600.7012

NANO AntiVirus

Riskware.Win32.OutBrowse.ddwemx

0.28.2.61942

Panda Antivirus

Trj/Genetic.gen

14.09.09.06

Reason Heuristics

Threat.Win.Reputation.IMP

14.9.9.18

Sophos

Generic PUA LK

4.98

Trend Micro House Call

TROJ_GEN.R02KH07I614

7.2.252

File size:

791 KB (809,984 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\revs.exe

File PE Metadata

Compilation timestamp:

8/14/2014 5:43:27 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:Wu21k2px0um9aP0FVbMhUsYQEqrMcnwkF9g6Pq:s1k2px05QPkVbMhUvQElcwkF9g6Pq

Entry address:

0x7F2F2

Entry point:

E8, F8, A8, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, F0, 99, 4B, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 8C, AB, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 7C, AB, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49, 00, 8D, 04... 
[+]

Entropy:

6.6064

Code size:

611 KB (625,664 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ec2-50-19-221-149.compute-1.amazonaws.com (50.19.221.149:80)

TCP (HTTP):

Connects to ec2-23-23-115-80.compute-1.amazonaws.com (23.23.115.80:80)

TCP (HTTP):

Connects to 224-124-232-198.static.unitasglobal.net (198.232.124.224:80)

Remove revs.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.