rvlkl_setup.exe

Revealer Keylogger Pro Setup

Logixoft

The application rvlkl_setup.exe by Logixoft has been detected as adware by 9 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. According to the detections, it has been classified as a keylogger, which is capable of recording a user's keystrokes.
Publisher:
Logixoft  (signed and verified)

Product:
Revealer Keylogger Pro Setup

Version:
2.1.0.0

MD5:
9bd571eaf90f767bc280f8ee7887c898

SHA-1:
acb47fb86634062955aa0e76ffc76f92aa834d4a

SHA-256:
89c1e7ffe7c91fd001a329c30a2accd253c6283db36754977b01cc79b8e9f3ce

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
4/25/2024 7:04:24 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.KeyLogger.QLF | 548 |
| Arcabit | Application.KeyLogger.QLF | 1.0.0.425 |
| Bitdefender | Application.KeyLogger.QLF | 1.0.20.1090 |
| Emsisoft Anti-Malware | Application.KeyLogger.QLF | 8.15.08.06.07 |
| F-Secure | Application.KeyLogger.QLF | 11.2015-06-08_5 |
| G Data | Application.KeyLogger.QLF | 15.8.25 |
| Malwarebytes | Keylogger.Logixoft | v2015.08.06.07 |
| MicroWorld eScan | Application.KeyLogger.QLF | 16.0.0.654 |
| Reason Heuristics | PUP.Logixoft.Installer (M) | 15.8.6.7 |

File size:
3.1 MB (3,275,328 bytes)

Product version:
2.1.0.0

Copyright:
Copyright (C) 2014 Logixoft

Original file name:
rvlkl_setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\rvlkl_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/10/2013 8:00:00 PM

Valid to:
4/10/2016 7:59:59 PM

Subject:
CN=Logixoft, O=Logixoft, STREET="14, rue Marie-Rose le Bloch", L=QUIMPER, S=Bretagne, PostalCode=29000, C=FR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5B18B568174DC2D647EC70ED13CCBB8D

File PE Metadata
Compilation timestamp:
5/14/2014 11:24:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:mK2kzRuDzR1Eo6pKfOusocJ/o/waIbEhIWhkaVFj1sdiQa0mLuJbSS:jNEp1Eo68PcqwaIbshkaJsiTqJbSS

Entry address:
0x1105F

Entry point:
E8, 8B, 19, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 28, 30, 42, 00, 89, 0D, 24, 30, 42, 00, 89, 15, 20, 30, 42, 00, 89, 1D, 1C, 30, 42, 00, 89, 35, 18, 30, 42, 00, 89, 3D, 14, 30, 42, 00, 66, 8C, 15, 40, 30, 42, 00, 66, 8C, 0D, 34, 30, 42, 00, 66, 8C, 1D, 10, 30, 42, 00, 66, 8C, 05, 0C, 30, 42, 00, 66, 8C, 25, 08, 30, 42, 00, 66, 8C, 2D, 04, 30, 42, 00, 9C, 8F, 05, 38, 30, 42, 00, 8B, 45, 00, A3, 2C, 30, 42, 00, 8B, 45, 04, A3, 30, 30, 42, 00, 8D, 45, 08, A3, 3C, 30, 42...
 

Entropy:
7.9179  (probably packed)

Code size:
100 KB (102,400 bytes)
