File name: RevoUninstaller_Portable.zip

Full analysis: https://app.any.run/tasks/ccded5e1-4a10-409d-b85d-adb4f2177c60
Verdict: Malicious activity
Analysis date: May 28, 2024, 22:57:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5: 5178AEBA4F6DF6D3286DB3279EA5EA42
SHA1: 2AE1E2B7715EE5558CAC80118A8BEF638348055D
SHA256: FD8B2FB37D0F146FEF98DD7B6079FE40A4E04879E247F4A37EF12443CCF6C2B3
SSDEEP: 196608:+CIWZpaF8TmKnviC6c8OVET4H8odWAPmBzaUZuTE4j6p+:BprnviCVLV24HBd+Bzyj6p+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • WinRAR.exe (PID: 3968)
    • Actions looks like stealing of personal data
      • RevoUn.exe (PID: 2180)
  • SUSPICIOUS
    • Searches for installed software
      • RevoUn.exe (PID: 2180)
  • INFO
    • Manual execution by a user
      • RevoUPort.exe (PID: 1680)
      • RevoUPort.exe (PID: 4088)
    • Checks supported languages
      • RevoUPort.exe (PID: 1680)
      • RevoUn.exe (PID: 2180)
    • Reads the computer name
      • RevoUn.exe (PID: 2180)
    • Reads the machine GUID from the registry
      • RevoUn.exe (PID: 2180)
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 3968)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2023:06:05 08:37:20
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: RevoUninstaller_Portable/
No data.
All screenshots are available in the full report
Total processes: 39
Monitored processes: 4
Malicious processes: 2
Suspicious processes: 0

Behavior graph (interactive in the full report; nodes in report order): start, winrar.exe, revouport.exe (no specs), revouport.exe, revoun.exe

Process information

PID: 1680
CMD: "C:\Users\admin\Desktop\RevoUninstaller_Portable\RevoUPort.exe"
Path: C:\Users\admin\Desktop\RevoUninstaller_Portable\RevoUPort.exe
Parent process: explorer.exe
User: admin
Company: VS Revo Group
Integrity Level: HIGH
Exit code: 0
Version: 2, 0, 0, 0
Modules (images):
c:\users\admin\desktop\revouninstaller_portable\revouport.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll

PID: 2180
CMD: C:\Users\admin\Desktop\RevoUninstaller_Portable\x86\RevoUn.exe
Path: C:\Users\admin\Desktop\RevoUninstaller_Portable\x86\RevoUn.exe
Parent process: RevoUPort.exe
User: admin
Company: VS Revo Group
Integrity Level: HIGH
Description: Revo Uninstaller
Version: 2.4.5.0
Modules (images):
c:\users\admin\desktop\revouninstaller_portable\x86\revoun.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 3968
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\RevoUninstaller_Portable.zip
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID: 4088
CMD: "C:\Users\admin\Desktop\RevoUninstaller_Portable\RevoUPort.exe"
Path: C:\Users\admin\Desktop\RevoUninstaller_Portable\RevoUPort.exe
Parent process: explorer.exe
User: admin
Company: VS Revo Group
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 2, 0, 0, 0
Modules (images):
c:\users\admin\desktop\revouninstaller_portable\revouport.exe
c:\windows\system32\ntdll.dll
Total events: 9 791
Read events: 9 778
Write events: 13
Delete events: 0

Modification events

(PID) Process: (3968) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtBMP | Value: (empty)
(PID) Process: (3968) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtIcon | Value: (empty)
(PID) Process: (3968) WinRAR.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
(PID) Process: (3968) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 3 | Value: C:\Users\admin\Desktop\phacker.zip
(PID) Process: (3968) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 2 | Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process: (3968) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 1 | Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process: (3968) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\AppData\Local\Temp\RevoUninstaller_Portable.zip
(PID) Process: (3968) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
(PID) Process: (3968) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
(PID) Process: (3968) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
Executable files: 3
Suspicious files: 2
Text files: 48
Unknown types: 0

Dropped files

PID: 3968 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\RevoUninstaller_Portable\lang\azerbaijani.ini | Type: text
MD5: 2952EBFB627A4E0ECA6AE36179FB77E8
SHA256: 104F10070994CA92176913A71726590DF2487BA756512CE6B3ABAA50CED8679B
PID: 3968 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\RevoUninstaller_Portable\lang\albanian.ini | Type: text
MD5: CD86D5DF4564A5D91934B3383A2B342E
SHA256: 09FE4F2A0D1D54C5D374DB235F07F06642404A630F8B981461B0F7998B7C753B
PID: 3968 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\RevoUninstaller_Portable\lang\armenian.ini | Type: text
MD5: C2E52ABF76949AC22C6A1065B6B31C26
SHA256: 1DA3E26753481F5B8C46D4FAE24DE4C64272B94E5F8EFBA57D023D95D45AF71C
PID: 3968 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\RevoUninstaller_Portable\lang\bulgarian.ini | Type: text
MD5: 29C6FA77CAFF22CEBEF89FE7CBB7E564
SHA256: 8AD919E2DF77256C9DE97E5AB3BCB62669517360051E1F8C3444D2BDCDC9E824
PID: 3968 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\RevoUninstaller_Portable\lang\czech.ini | Type: text
MD5: EDF65AA9E3901E57E6290C53D9B18F19
SHA256: AA6B1D30A2ADC755A44122ACA13C7CA56C740C6E69F9B799EA6FD5CA7109DC4E
PID: 3968 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\RevoUninstaller_Portable\lang\arabic.ini | Type: text
MD5: C75676D808ED8D88ADD598CC51F79769
SHA256: D8D0C60EAD40825B14D3218AD5A17870F51D602653A397F2162F31B0150E6915
PID: 3968 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\RevoUninstaller_Portable\lang\Estonian.ini | Type: text
MD5: FB4844267D83DE0565C5AB8D8475605F
SHA256: 1899006AAB38B129BAC93E3935BEF214ACCC31D7FBE08FEE733E7A89EEEF9E08
PID: 3968 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\RevoUninstaller_Portable\lang\english.ini | Type: text
MD5: 5F57E969CB8F3AD0BBD859207A283BD5
SHA256: F2E8F9E5CF4F057E3399FF66485A485CBA419881AEEAC997049941396BDF63D8
PID: 3968 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\RevoUninstaller_Portable\lang\bengali.ini | Type: text
MD5: 966C8ECA86F43A502D9836709ED34D6E
SHA256: 25205DBA08243AEEB6516221847738D47F3C72C295F7D973E09433E2635C943D
PID: 3968 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\RevoUninstaller_Portable\lang\hebrew.ini | Type: text
MD5: 9D97E4DA88F7417381E9271B2A5FACC0
SHA256: 6AFA576FEADAF7AABE5FC735155523ED724ABC7871A899FBCA7A3F5AA1CFB8A8
Download the PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info