» revealer.exe
Overview
Analysis
File Details
Downloads (13)

revealer.exe

Revealer

Rekenwonder Software

The executable revealer.exe, “Password Revealer” has been detected as malware by 3 anti-virus scanners. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.

File name:

revealer.exe

Publisher:

Rekenwonder Software

Product:

Revealer

Description:

Password Revealer

Version:

1.2.1

MD5:

8a6d3325fa5781dc25aab6b6c7cb3213

SHA-1:

40214af329ad97715d60e40b4f61f80d22ae4d6e

SHA-256:

8cdb459711cc8b691837c82c5c70f20cbe576a9c7805c74ea697ac73de6042eb

Scanner detections:

3 / 68

Status:

Malware

Analysis date:

9/28/2024 12:18:18 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Unnamed.Threat.14

14.3.2.13

Trend Micro House Call

SPYW_REVPASS

7.2.356

Trend Micro

SPYW_REVPASS

10.465.22

File size:

65 KB (66,560 bytes)

Product version:

1.2.1

Freeware

Trademarks:

Freeware

Original file name:

revealer.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\portable\revealer.exe

File PE Metadata

Compilation timestamp:

4/28/2003 5:41:04 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.0

CTPH (ssdeep):

1536:ApPTLwTmITaCu/pycuGu5pRptItG8GoGGZ+sZ:8TLw4CcuG8pRptoPbZ

Entry address:

0x10E0

Entry point:

EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, 98, A0, 40, 00, A1, 8B, A0, 40, 00, C1, E0, 02, A3, 8F, A0, 40, 00, 52, 6A, 00, E8, 05, 8B, 00, 00, 8B, D0, E8, E6, 17, 00, 00, 5A, E8, E8, 0A, 00, 00, E8, DF, 17, 00, 00, 6A, 00, E8, 3C, 2B, 00, 00, 59, 68, 34, A0, 40, 00, 6A, 00, E8, DF, 8A, 00, 00, A3, 93, A0, 40, 00, 6A, 00, E9, DF, 69, 00, 00, E9, 6A, 2B, 00, 00, 33, C0, A0, 7D, A0, 40, 00, C3, A1, 93, A0, 40, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, A4, 00, 00, 00, 0B, C9... 
[+]

Entropy:

6.0799

Code size:

36 KB (36,864 bytes)

The file revealer.exe has been seen being distributed by the following 13 URLs.

http://gsf-cf.softonic.com/402/14a/.../file?SD_used=0&channel=WEB&fdh=no&id_file=9945&instance=softonic_br&type=PROGRAM&Expires=1447564517&Signature=OGyKPNHjm582IpvIGuDDPPMCZefEezUhBIJZmpNx1M-8I~vc6alqQI11LQ6UC~KZat2O3RLBudCWJqdy6ZYz0uVqFO9CEokJXj1cA6vHyX9YU8fId8ZY56K21V773z7ubrhp6BcKgmygAH65Uljp4~vEe0QQhysGh6G~2APROag_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=revealer1.0.exe

https://dl-web.dropbox.com/get/.../revealer.exe

https://doc-0c-88-docs.googleusercontent.com/docs/securesc/p70t7h4hncscajmejitk56cncc9nv8nq/r101g1638tq5v39fhgt14ar0vun8f607/1456581600000/.../03715819752742500618/0Bzyaj8-T5boALXMtazgxMUNRSWc?e=download

http://gsf-cf.softonic.com/402/14a/.../file?SD_used=0&channel=WEB&fdh=no&id_file=9945&instance=softonic_br&type=PROGRAM&Expires=1447589547&Signature=IoaFavJJuGFMZg-QzM3yiPow7IuoV26sHG-n6c9yTwm7eGZw69CgO1R8XiezBB8RneFm58KsbB05UC395o1R5Koz0ZrwXENmJ2Kc4Te3PG1svvH-sTIIvIKL-f7VrzT~ovk4sHfKmdj7A4RXdtfDz-lqyrYh0EcSWN9J~jbNJKw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=revealer1.0.exe

http://gsf-cf.softonic.com/402/14a/.../file?SD_used=0&channel=WEB&fdh=no&id_file=9945&instance=softonic_it&type=PROGRAM&Expires=1448495639&Signature=bJEYTiTrC1HJxMXrJZRjbC74~aTBoOTxotQ6dcUnYpew9IX9hLYKHxU-B7-vt62JA5Z40y9PJwZRBoPcYv2bwM47K-zBKS30VJ2uzOj43bTvkLNgj0365SvoZtJH-wpGtpt2Uocleywv8Jypqy29kBKhO4J2tmpPk87XHqGarA0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=revealer1.0.exe

http://gsf-cf.softonic.com/402/14a/.../file?SD_used=0&channel=WEB&fdh=no&id_file=9945&instance=softonic_br&type=PROGRAM&Expires=1462903207&Signature=O~5M~Ylfrc6zXpM5teHdPHbHwB-4QP6P8PjHq81ggmVAjg6g-Vic2uvimYBZquQcxFQ8ODIM3yzP8tmywB0i7HzblF-eflBLttOUNGBvzHL~NU~4KJ4u5YKG2ZeQbbAhdSZZ8d0tNZQhymVQ1J~xkqON1pCFS7bp0NnWNg9T7pI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=revealer1.0.exe

http://gsf-cf.softonic.com/402/14a/.../file?SD_used=0&channel=WEB&fdh=no&id_file=9945&instance=softonic_br&type=PROGRAM&Expires=1460297634&Signature=bE4UTEeJKU-y7wBEI4IZ95IKnyxbgupydSvNqHtufPS4TOZnrh84ZAlpOoesCgnOkhH06ygNNPknuQd4z0GODmGJhJMwxAZ-tKc7N-QsVNQBf63YuA1LR~mgFOoyEvmNQDEA22qHaBuwW~IgcOyuKG8t~FmxIw8rqCL9TtrnpAw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=revealer1.0.exe

http://gsf-cf.softonic.com/402/14a/.../file?SD_used=0&channel=WEB&fdh=no&id_file=9945&instance=softonic_it&type=PROGRAM&Expires=1460107043&Signature=iJzyrC34B6I9Jknv91C3w~hpH3axCSkoWOXBSlPpcS4MMIyWr6BwKsqNjaBPNm6E3TCZ65dvoaBaFWwBiQksx2iy9RE9kX2LptwH1H--kqwm6h5QRNpd7UEHIAx03YxSBmd6sNPql76~TCdJXEraj6jE3ERwIQj-nEJeCx29tnQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=revealer1.0.exe

http://gsf-cf.softonic.com/402/14a/.../file?SD_used=0&channel=WEB&fdh=no&id_file=9945&instance=softonic_br&type=PROGRAM&Expires=1455193762&Signature=HXhQ6adtOk9APIGNjZyeVdO9p89K9~PIk~ycl8wd2~9qfUrumBBxOlVl73cHjr~gCF2oCYir9FcR4-2-qdXFwlXDv7wQaycoob1sBcwlW35jl49gh0ZP4QWRW-W7J~5GNfA-V03PaXmWo2-XfEPsKDyaUFqa2VdUdOe3VWZBzEk_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=revealer1.0.exe

http://gsf-cf.softonic.com/402/14a/.../file?SD_used=0&channel=WEB&fdh=no&id_file=9945&instance=softonic_br&type=PROGRAM&Expires=1452943725&Signature=QsT03odn-DJN3RFWrwPoFHzrthqoYWb6gbDG5ikESYbyGxLFEw0oFQjik-HgeK8slIv2X-q1bBkKxcLPjOhXK4bUnBD8bSv4~rFh9jXdf4kXSb29N8hMeLaAyjDwYH-6gMm2WxZlWr6sU6MUckbMk9WkCLPsqQxC53WvrVn-83M_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=revealer1.0.exe

http://users.pandora.be/.../revealer.exe

http://users.telenet.be/.../revealer.exe

http://www.rekenwonder.com/revealer.exe

Remove revealer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.