SHA256: db53ba7eba02ee1b24352a8ccc5011882b447f372ea16d381112c583a75382d2
File name: Revision.EXE
Detection ratio: 9 / 68
Analysis date: 2018-12-13 21:01:13 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.FU.cqW@aK4kdUc 20181213
Arcabit Trojan.Heur.FU.E79F55 20181213
BitDefender Gen:Trojan.Heur.FU.cqW@aK4kdUc 20181213
Cybereason malicious.b6d210 20180225
Emsisoft Gen:Trojan.Heur.FU.cqW@aK4kdUc (B) 20181213
F-Secure Gen:Trojan.Heur.FU.cqW@aK4kdUc 20181213
GData Gen:Trojan.Heur.FU.cqW@aK4kdUc 20181213
MAX malware (ai score=89) 20181213
eScan Gen:Trojan.Heur.FU.cqW@aK4kdUc 20181213
AegisLab 20181213
AhnLab-V3 20181213
Alibaba 20180921
ALYac 20181213
Antiy-AVL 20181213
Avast 20181213
Avast-Mobile 20181213
AVG 20181213
Avira (no cloud) 20181213
Babable 20180918
Baidu 20181207
Bkav 20181213
CAT-QuickHeal 20181213
ClamAV 20181213
CMC 20181213
Comodo 20181213
CrowdStrike Falcon (ML) 20181022
Cylance 20181213
Cyren 20181213
DrWeb 20181213
eGambit 20181213
Endgame 20181108
ESET-NOD32 20181213
F-Prot 20181213
Fortinet 20181213
Ikarus 20181213
Sophos ML 20181128
Jiangmin 20181213
K7AntiVirus 20181213
K7GW 20181213
Kaspersky 20181213
Kingsoft 20181213
Malwarebytes 20181213
McAfee 20181213
McAfee-GW-Edition 20181213
Microsoft 20181213
NANO-Antivirus 20181213
Palo Alto Networks (Known Signatures) 20181213
Panda 20181213
Qihoo-360 20181213
Rising 20181213
SentinelOne (Static ML) 20181011
Sophos AV 20181213
SUPERAntiSpyware 20181212
Symantec 20181213
Symantec Mobile Insight 20181212
TACHYON 20181213
Tencent 20181213
TheHacker 20181213
Trapmine 20181205
TrendMicro 20181213
TrendMicro-HouseCall 20181213
Trustlook 20181213
VBA32 20181213
ViRobot 20181213
Webroot 20181213
Yandex 20181213
Zillya 20181213
ZoneAlarm by Check Point 20181213
Zoner 20181213
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 03:25:45
Entry Point 0x00002490
Number of sections 4
PE sections
PE imports
InitCommonControlsEx
GetSystemTime
GetLastError
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
ExitProcess
TlsAlloc
FlushFileBuffers
GetVersionExA
LoadLibraryA
GetLocalTime
GetStartupInfoA
FileTimeToLocalFileTime
GetCommandLineW
GetDateFormatW
SetErrorMode
MultiByteToWideChar
GetProcAddress
GetLocaleInfoW
SetFilePointer
WideCharToMultiByte
TlsFree
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
SetLocalTime
GetModuleHandleW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
TlsGetValue
GetFileType
SetEndOfFile
TlsSetValue
SetLastError
ProgIDFromCLSID
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromProgID
CoTaskMemFree
SysAllocStringLen
VariantCopyInd
VariantClear
GetActiveObject
SysFreeString
SysAllocStringByteLen
VariantChangeTypeEx
MessageBoxA
closesocket
WSACleanup
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 1970:01:01 04:25:45+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 33104
LinkerVersion: 2.52
ImageFileCharacteristics: Executable, No line numbers, No symbols, 32-bit, No debug
EntryPoint: 0x2490
InitializedDataSize: 4608
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 1.0
UninitializedDataSize: 2228

File identification
MD5 422eaa8b6d210a3593fcae6cb89ff869
SHA1 c84ddb06b869a86741ed1e3980644496bf899fdf
SHA256 db53ba7eba02ee1b24352a8ccc5011882b447f372ea16d381112c583a75382d2
ssdeep 768:QAeJ0nyTqN2rkrWW3+4leb/KHLgqS3slugWZAM5YgBniZr4ujvQECap:FO0yTG2rkSWOCYOCfZm4fE

authentihash 88f99f8f7fd10182336befc4d67a6c4c3556866947b1a7fcaf95c4715a246283
imphash 8297304aafb374a54ecf0503cefe5c45
File size 38.0 KB ( 38912 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable PowerBASIC/Win 10.x (76.0%)
Win32 Executable PowerBASIC (generic) (20.6%)
Win32 Dynamic Link Library (generic) (1.1%)
Win32 Executable (generic) (0.7%)
Win16/32 Executable Delphi generic (0.3%)
Tags peexe

VirusTotal metadata
First submission 2018-12-13 21:01:13 UTC ( 4 months, 1 week ago )
Last submission 2018-12-19 17:29:20 UTC ( 4 months ago )
File names Revision.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Runtime DLLs