revosetup.exe

Revo Uninstaller Setup

VS Revo Group Ltd.

The program is a setup application built with the Nullsoft Scriptable Install System (NSIS) installer. The file has been observed being downloaded from 9d4da85dff3fdd198886-459beec849893df302ec58f8a71b3ad1.r61.cf1.rackcdn.com.

Publisher:
VS Revo Group Ltd.

Product:
Revo Uninstaller Setup

Version:
1.9.5.0

MD5:
ce16d28997227117a631a55cbfc91e4f

SHA-1:
e28f539f3481effd06ee1ae7ef5ecc8f24624be2

SHA-256:
e7a8cfb09a2d24e4d6b60adeaf879c6db94d1c7e4d1e98c214d8780b64593b4d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/9/2025 6:48:08 AM UTC

File size:
2.6 MB (2,689,192 bytes)

Copyright:
Copyright VS Revo Group

Trademarks:
Revo Uninstaller is a trademark of VS Revo Group

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\revosetup.exe

File PE Metadata

Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:YhgKj1BodkgV5aaBS8lY72jt36SOHmQtggHwWmlZ0/Hv:kg+BCvJSY6SOvaMY4v

Entry address:
0x30CB

Entry point:
88, F8, F6, C0, B8, B3, 4A, 69, C2, E1, 01, AE, 81, 81, FD, F6, 19, 00, 00, C7, C6, 42, 04, 0F, 06, 89, D1, 57, 8A, E3, E8, 19, 00, 00, 00, 81, FD, 23, FB, 00, 00, 75, 07, 10, FA, 15, DB, 3B, 22, B5, F6, DF, 70, 04, 10, CE, F7, DF, 3B, C8, 0F, B7, DE, 81, E7, FE, 17, C9, 1B, B0, 8A, 2B, D5, 81, FB, 9E, 71, 00, 00, 77, 02, 10, CD, 75, 03, F6, C5, AA, 8A, C1, BB, 00, 00, 00, 00, EB, 03, 80, EE, 28, 19, F8, 73, 06, 69, F8, 42, 84, 04, 81, 81, C3, F8, FB, FF, FF, 8A, E7, 81, C3, 09, 04, 00, 00, 4D, 0F, AF, D3...

Entropy:
7.9924 (probably packed)

Code size:
22.5 KB (23,040 bytes)

The file revosetup.exe has been seen being distributed by the following URL.
