rev.exe

First submission 2024-09-03 08:39:01

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 203.5 KB (208384 bytes)
Compile time: 2010-04-15 00:06:53 (PE header timestamp; it is attacker-controlled and predates the first submission by over 14 years, so it says nothing reliable about when this binary was built)
MD5: c457b64b8faf93fb23adb3d3b6a6cb78
SHA1: b7171be5e8a552346f4f44148c8935ed52ba90d6
SHA256: 592474a6afcaa6a1147524a4a24ae9a535cd58f043e218ab64ae218ee7229f42
Import Hash : b4c6fff030479aa3b12625be67bf4914
Sections (3): .text, .rdata, .rdqu
Directories (2): import, relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

Caveat: these are the scanner's feature labels as exported, not verified properties. The file type above says PE32+ executable (GUI), not DLL, and no signer or certificate details appear anywhere in the report, so confirm "Is DLL" against the COFF Characteristics field and "Signed" against the security directory before relying on either.

OSINT Enrichments

Virus Total: 62/79 engines flagged it (VT report date: 2024-09-03 08:16:16)
Malware Type (2): trojan, hacktool
Threat Type (3): metasploit, rozena, meterpreter (three vendor labels for the same thing: a Metasploit-generated Meterpreter payload; Rozena is a common AV family name for such shellcode-based executables)

URLs, FQDN and IP indicators (1)

URL                           Host (FQDN/IP)   Date Added
hXXp://80.76.176.23/rev.exe   80.76.176.23     2024-09-03 08:39:01

PE Sections (1 suspicious)

Name    VAddress  VSize    Size (bytes)  SHA1                                      MD5                               Suspicious
.text   0x1000    0x104e   4608          e66374a7f405687da2de82ab3fbcad13858fa6b2  a4a5deae25708a9e05f50bcad7075c86  (not preserved)
.rdata  0x3000    0x84     512           7c2ecbbfe2f3f2953b02d7d8258b59f4bce79a68  25e6c54bdb625551eb1d822555f35050  (not preserved)
.rdqu   0x4000    0x314c0  202240        51a4af895341a817654e014c18979bd986c84d46  7f63f30c30561c76de60281a26d0660b  (not preserved)

The per-row Suspicious flag did not survive the export; the header count says one of the three sections is flagged. Note that .rdqu is not a name any common linker emits and holds 202240 of the file's 208384 bytes, while .text is only 4608 bytes, which is the layout of a small loader stub plus a large embedded blob.
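The section table above can be reproduced from the raw bytes with the standard library alone. The script below is an added example, not the report's scanner code: it walks the DOS header, PE signature, COFF header and section headers, hashes each section's on-disk bytes the way the table does, and applies its own heuristic (uncommon section name or entropy above 7 bits/byte) for the Suspicious column; what rule the scanner actually uses, the page does not say. The image it parses is a minimal constructed PE32+ with the same three section names, not the rev.exe sample, so the hashes and sizes it prints differ from the table.

```python
"""Added example (not the report's scanner code): parse a PE section table
and reproduce the per-section fields of the table above with the standard
library only. build_sample_pe() returns a constructed minimal PE32+ image
with the same three section names; it is NOT the rev.exe sample."""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Section names common linkers emit; anything else deserves a look.
COMMON_SECTION_NAMES = {".text", ".rdata", ".data", ".pdata", ".rsrc",
                        ".reloc", ".idata", ".edata", ".bss", ".tls", ".CRT"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: compiled code sits around 5-6.5, packed/encrypted data near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section headers."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    magic = struct.unpack_from("<H", pe, coff + 20)[0]      # 0x20B == PE32+
    sec_table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, sec_table + 40 * i)
        name = name.rstrip(b"\0").decode("latin-1")
        raw = pe[raw_ptr:raw_ptr + raw_size]              # bytes as stored on disk
        entropy = shannon_entropy(raw)
        sections.append({
            "name": name, "vaddress": vaddr, "vsize": vsize, "size": raw_size,
            "sha1": hashlib.sha1(raw).hexdigest(), "md5": hashlib.md5(raw).hexdigest(),
            "entropy": round(entropy, 2),
            # Heuristic used here (an assumption, not the report's rule):
            # an unusual name or near-random content marks a section suspicious.
            "suspicious": name not in COMMON_SECTION_NAMES or entropy > 7.0,
        })
    return {
        "pe32plus": magic == 0x20B, "machine": machine,
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
        "suspicious_count": sum(s["suspicious"] for s in sections),
    }


def file_hashes(pe: bytes) -> dict:
    """Whole-file hashes as listed under File details."""
    return {alg: hashlib.new(alg, pe).hexdigest() for alg in ("md5", "sha1", "sha256")}


def build_sample_pe() -> bytes:
    """Constructed PE32+: DOS stub, COFF header, zeroed optional header, 3 sections."""
    compile_time = int(datetime(2010, 4, 15, 0, 6, 53, tzinfo=timezone.utc).timestamp())
    text = b"\x48\x31\xc0\xc3" * 128                       # 512 bytes of xor rax,rax; ret
    rdata = b"rev.exe\0".ljust(512, b"\0")
    blob, seed = b"", b"constructed"                       # deterministic high-entropy filler
    while len(blob) < 4096:
        seed = hashlib.sha256(seed).digest()
        blob += seed
    rdqu = blob[:4096]
    opt_size = 240                                         # PE32+ optional header size
    headers_end = 0x40 + 4 + 20 + opt_size + 40 * 3
    raw_ptr = (headers_end + 0x1FF) & ~0x1FF               # 512-byte file alignment
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew at 0x3C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 3, compile_time, 0, 0, opt_size, 0x22)
    opt = struct.pack("<H", 0x20B).ljust(opt_size, b"\0")
    headers, body, ptr = b"", b"", raw_ptr
    for name, vaddr, payload in ((b".text", 0x1000, text), (b".rdata", 0x3000, rdata), (b".rdqu", 0x4000, rdqu)):
        headers += struct.pack("<8sIIIIIIHHI", name, len(payload), vaddr, len(payload), ptr, 0, 0, 0, 0, 0x60000020)
        body += payload
        ptr += len(payload)
    return (dos + coff + opt + headers).ljust(raw_ptr, b"\0") + body


if __name__ == "__main__":
    image = build_sample_pe()
    info = parse_sections(image)
    print("compile time:", info["compile_time"], "| PE32+:", info["pe32plus"])
    for s in info["sections"]:
        print(f"{s['name']:<8} {s['vaddress']:#08x} {s['vsize']:#08x} {s['size']:>7} "
              f"{s['sha1']} {s['md5']} ent={s['entropy']} {'SUSPICIOUS' if s['suspicious'] else ''}")
```

To check the real sample, replace build_sample_pe() with the bytes of the file and compare the SHA1/MD5 columns and the compile time against the report; a mismatch on any row means the hashes were computed over a different slice (virtual vs raw size) than this script uses.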

Anti debug functions (1)

Bochs & QEmu CPUID Trick (a signature match for a CPUID-based emulator check; it detects Bochs/QEMU rather than a debugger and overlaps with the Anti VM feature above)

Strings analysis - File names found

Library (DLL names present as strings)
mscoree.dll
USER32.dll
KERNEL32.dll
ADVAPI32.dll
ole32.dll
Server.dll
WININET.dll
WINHTTP.dll
Crypt32.dll
ntdll.dll
WS2_32.dll

Strings analysis - Possible IPs found (1)

80.76.176.23
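Both the URL indicator and the bare IP above are defanged (hXXp), and an IP substring match would also fire on 180.76.176.23 or 80.76.176.231. The script below is an added example, not part of the report: it refangs the two indicators exactly as listed and matches them with boundaries against proxy and firewall log lines. SAMPLE_LOGS is constructed for the demo; only the indicator values come from the page.

```python
"""Added example, not part of the report: refang the two indicators listed
above and match them against log lines. SAMPLE_LOGS is constructed for the
demo; only the indicator values are taken from the page."""
import re
from urllib.parse import urlsplit

INDICATORS = ["hXXp://80.76.176.23/rev.exe", "80.76.176.23"]   # as shown in the report

# Common defanging conventions, undone case-insensitively
DEFANG_MAP = [("hxxps://", "https://"), ("hxxp://", "http://"),
              ("[.]", "."), ("(.)", "."), ("[:]", ":")]

SAMPLE_LOGS = [  # constructed, not real traffic
    "1725352742.101 287 10.0.0.5 TCP_MISS/200 208384 GET http://80.76.176.23/rev.exe - HIER_DIRECT/80.76.176.23 application/x-dosexec",
    "2024-09-03T08:39:05Z fw action=allow proto=tcp src=10.0.0.5 dst=80.76.176.23 dport=80",
    "2024-09-03T08:41:12Z fw action=allow proto=tcp src=10.0.0.6 dst=180.76.176.23 dport=443",
    "2024-09-03T08:41:40Z fw action=allow proto=udp src=10.0.0.7 dst=80.76.176.231 dport=53",
    "2024-09-03T08:42:00Z dns query=update.example.net type=A client=10.0.0.5",
]


def refang(ioc: str) -> str:
    """Undo hXXp/[.]-style defanging so the value can be compared to logs."""
    out = ioc.strip()
    for needle, repl in DEFANG_MAP:
        out = re.sub(re.escape(needle), repl, out, flags=re.IGNORECASE)
    return out


def build_matcher(indicators):
    """Return match(line) -> list of ("host"|"url", value) hits."""
    hosts, url_patterns = set(), {}
    for ioc in indicators:
        value = refang(ioc)
        if "://" in value:
            parts = urlsplit(value)
            hosts.add(parts.hostname)
            # host, optional :port, exact path; query string and fragment ignored
            url_patterns[value] = re.compile(
                re.escape(parts.hostname) + r"(?::\d+)?" + re.escape(parts.path or "/") + r"(?![\w./-])")
        else:
            hosts.add(value)
    alternation = "|".join(re.escape(h) for h in sorted(hosts, key=len, reverse=True))
    # Boundaries: not preceded by a host/IP character, not followed by another label or octet
    host_re = re.compile(r"(?<![\w.-])(" + alternation + r")(?!\w)(?!\.\d)")

    def match(line: str):
        hits = []
        m = host_re.search(line)
        if m:
            hits.append(("host", m.group(1)))
            for value, pattern in url_patterns.items():
                if pattern.search(line):
                    hits.append(("url", value))
        return hits
    return match


def scan(lines, indicators=INDICATORS):
    """[(line_number, hits)] for every line that touches an indicator."""
    match = build_matcher(indicators)
    results = []
    for number, line in enumerate(lines, 1):
        hits = match(line)
        if hits:
            results.append((number, hits))
    return results


if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOGS):
        print(number, hits)
```

A "url" hit is the download itself; a bare "host" hit on a firewall line is weaker (it could be any traffic to that address) but still worth a look given that the same host served the payload.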

Related samples (exported under the heading "Import functions", but the columns are sample name, latest seen and MD5 of other submitted files, not imported API names)

Name              Latest seen          MD5
bad.exe 2022-10-30 08:35:02 fc29a78b088f4f8763b539951c0224be
danger.exe 2022-10-30 08:39:01 84e3dd5b7aa0d74884c87cce88d44424
laliga.exe 2022-10-30 08:46:01 b233e282903a8868b63d0b1ca8f99388
hello1.exe 2022-11-12 10:39:07 a25b1023588ff9f60c9f077225e87dd3
NetSySCLI.exe 2023-03-23 07:17:03 367030209dfe9a7f1631b8edad37cfa3
payload.exe 2023-03-24 13:51:04 67e524e151efc62a8f5d3bbf8531e70a
reverse.exe 2023-04-25 11:13:01 d32a31a376731f31251a2d17ea3828bf
reverse.exe 2024-05-16 09:55:03 a82bf5b8bd59d570d8731e1a3d79051f
64.exe 2024-05-20 07:17:02 e1517885f6c71f7b3dafa6d4610c4762
win-test.exe 2024-05-24 09:32:02 eb5d27678207ba63921c0b18a655bf3f
reverse.exe 2024-05-29 10:51:02 4d26ca2043c4603d6c5b6f235811b779
rev.exe 2024-05-29 10:52:02 b3e1688a68a66cf3844242de091a1dde
rev5555.exe 2024-05-29 10:53:01 f75045a4f4bcd1bc4bb24e2e284e9c68
4441.exe 2024-05-29 10:54:02 50a2e65a4d576d9aeb3b0b396ae3e898
itit.exe 2024-05-29 10:55:02 a63b46b7836c6c260dc4b37d7c640d3f
rev5757.exe 2024-05-29 10:56:01 da7b09c790012d9eb2bcddf7ea88a2cd
rev1.exe 2024-05-29 10:58:01 286a3f0b531a16a03b70c53a85df0e2a
rev5656.exe 2024-05-29 10:59:02 6a9cbc059911a2dc01fbdb901a0107e8
dmshell.exe 2024-06-28 09:27:01 a62abdeb777a8c23ca724e7a2af2dbaa
reverse.exe 2024-06-27 18:32:02 8d4d8e821af9e7bdcdaa505c7234fa25
ssdfsa 2024-07-02 08:57:02 079141b41d33eb41162ccea4de999d02
zdalne 2024-07-02 08:58:02 51cb8a1abde68de1732d00a5edd0b09c
tv2.exe 2024-07-16 07:52:02 108f1fb53a61d46e8df4331ed0724c9d
prompt.exe 2024-09-03 08:36:02 26ea34638c9aab0fb5411b9944f50404
payload.exe 2024-09-03 12:23:02 ca6ae34bf2b35aacb25a27f94fb1f7d5
1_encoded.exe 2024-09-03 12:24:02 6c098287139a5808d04237dd4cdaec3f