revealer.exe

Revealer

Rekenwonder Software

The executable revealer.exe, “Password Revealer”, has been detected as malware by 3 anti-virus scanners. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
Rekenwonder Software

Product:
Revealer

Description:
Password Revealer

Version:
1.2.1

MD5:
8a6d3325fa5781dc25aab6b6c7cb3213

SHA-1:
40214af329ad97715d60e40b4f61f80d22ae4d6e

SHA-256:
8cdb459711cc8b691837c82c5c70f20cbe576a9c7805c74ea697ac73de6042eb

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/15/2024 4:34:06 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | Unnamed.Threat.14 | 14.3.2.13
Trend Micro House Call | SPYW_REVPASS | 7.2.356
Trend Micro | SPYW_REVPASS | 10.465.22

File size:
65 KB (66,560 bytes)

Product version:
1.2.1

Copyright:
Freeware

Trademarks:
Freeware

Original file name:
revealer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\portable\revealer.exe

File PE Metadata
Compilation timestamp:
4/28/2003 5:41:04 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
1536:ApPTLwTmITaCu/pycuGu5pRptItG8GoGGZ+sZ:8TLw4CcuG8pRptoPbZ

Entry address:
0x10E0

Entry point:
EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, 98, A0, 40, 00, A1, 8B, A0, 40, 00, C1, E0, 02, A3, 8F, A0, 40, 00, 52, 6A, 00, E8, 05, 8B, 00, 00, 8B, D0, E8, E6, 17, 00, 00, 5A, E8, E8, 0A, 00, 00, E8, DF, 17, 00, 00, 6A, 00, E8, 3C, 2B, 00, 00, 59, 68, 34, A0, 40, 00, 6A, 00, E8, DF, 8A, 00, 00, A3, 93, A0, 40, 00, 6A, 00, E9, DF, 69, 00, 00, E9, 6A, 2B, 00, 00, 33, C0, A0, 7D, A0, 40, 00, C3, A1, 93, A0, 40, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, A4, 00, 00, 00, 0B, C9...
 

Entropy:
6.0799

Code size:
36 KB (36,864 bytes)

The file revealer.exe has been seen being distributed by the following 13 URLs.

