rev.exe
First submission 2024-09-03 08:39:01
File details
Field | Value |
---|---|
File type | PE32+ executable (GUI) x86-64, for MS Windows |
Mime type | application/x-dosexec |
File size | 203.5 KB (208384 bytes) |
Compile time | 2010-04-15 00:06:53 |
MD5 | c457b64b8faf93fb23adb3d3b6a6cb78 |
SHA1 | b7171be5e8a552346f4f44148c8935ed52ba90d6 |
SHA256 | 592474a6afcaa6a1147524a4a24ae9a535cd58f043e218ab64ae218ee7229f42 |
Import hash | b4c6fff030479aa3b12625be67bf4914 |
Sections (3) | .text .rdata .rdqu |
Directories (2) | import relocation |
File features detected
Is DLL
Packers
Anti Debug
Signed
XOR
OSINT Enrichments
Field | Value |
---|---|
Virus Total | 62/79 (VT report date: 2024-09-03 08:16:16) |
Malware Type (2) | trojan, hacktool |
Threat Type (3) | metasploit, rozena, meterpreter |
URLs, FQDN and IP indicators | 1 |
PE Sections (1 suspicious)
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0x104e | 4608 | e66374a7f405687da2de82ab3fbcad13858fa6b2 | a4a5deae25708a9e05f50bcad7075c86 | |
.rdata | 0x3000 | 0x84 | 512 | 7c2ecbbfe2f3f2953b02d7d8258b59f4bce79a68 | 25e6c54bdb625551eb1d822555f35050 | |
.rdqu | 0x4000 | 0x314c0 | 202240 | 51a4af895341a817654e014c18979bd986c84d46 | 7f63f30c30561c76de60281a26d0660b | |
Anti debug functions (1)
Bochs & QEmu CPUID Trick
Strings analysis - Libraries found
Library |
---|
mscoree.dll |
USER32.dll |
KERNEL32.dll |
ADVAPI32.dll |
ole32.dll |
Server.dll |
WININET.dll |
WINHTTP.dll |
Crypt32.dll |
ntdll.dll |
WS2_32.dll |
Strings analysis - Possible IPs found (1)
80.76.176.23
Import functions
Name | Latest seen | MD5 |
---|---|---|
bad.exe | 2022-10-30 08:35:02 | fc29a78b088f4f8763b539951c0224be |
danger.exe | 2022-10-30 08:39:01 | 84e3dd5b7aa0d74884c87cce88d44424 |
laliga.exe | 2022-10-30 08:46:01 | b233e282903a8868b63d0b1ca8f99388 |
hello1.exe | 2022-11-12 10:39:07 | a25b1023588ff9f60c9f077225e87dd3 |
NetSySCLI.exe | 2023-03-23 07:17:03 | 367030209dfe9a7f1631b8edad37cfa3 |
payload.exe | 2023-03-24 13:51:04 | 67e524e151efc62a8f5d3bbf8531e70a |
reverse.exe | 2023-04-25 11:13:01 | d32a31a376731f31251a2d17ea3828bf |
reverse.exe | 2024-05-16 09:55:03 | a82bf5b8bd59d570d8731e1a3d79051f |
64.exe | 2024-05-20 07:17:02 | e1517885f6c71f7b3dafa6d4610c4762 |
win-test.exe | 2024-05-24 09:32:02 | eb5d27678207ba63921c0b18a655bf3f |
reverse.exe | 2024-05-29 10:51:02 | 4d26ca2043c4603d6c5b6f235811b779 |
rev.exe | 2024-05-29 10:52:02 | b3e1688a68a66cf3844242de091a1dde |
rev5555.exe | 2024-05-29 10:53:01 | f75045a4f4bcd1bc4bb24e2e284e9c68 |
4441.exe | 2024-05-29 10:54:02 | 50a2e65a4d576d9aeb3b0b396ae3e898 |
itit.exe | 2024-05-29 10:55:02 | a63b46b7836c6c260dc4b37d7c640d3f |
rev5757.exe | 2024-05-29 10:56:01 | da7b09c790012d9eb2bcddf7ea88a2cd |
rev1.exe | 2024-05-29 10:58:01 | 286a3f0b531a16a03b70c53a85df0e2a |
rev5656.exe | 2024-05-29 10:59:02 | 6a9cbc059911a2dc01fbdb901a0107e8 |
dmshell.exe | 2024-06-28 09:27:01 | a62abdeb777a8c23ca724e7a2af2dbaa |
reverse.exe | 2024-06-27 18:32:02 | 8d4d8e821af9e7bdcdaa505c7234fa25 |
ssdfsa | 2024-07-02 08:57:02 | 079141b41d33eb41162ccea4de999d02 |
zdalne | 2024-07-02 08:58:02 | 51cb8a1abde68de1732d00a5edd0b09c |
tv2.exe | 2024-07-16 07:52:02 | 108f1fb53a61d46e8df4331ed0724c9d |
prompt.exe | 2024-09-03 08:36:02 | 26ea34638c9aab0fb5411b9944f50404 |
payload.exe | 2024-09-03 12:23:02 | ca6ae34bf2b35aacb25a27f94fb1f7d5 |
1_encoded.exe | 2024-09-03 12:24:02 | 6c098287139a5808d04237dd4cdaec3f |