How to remove $REVSATO.exe
- File Details
- Overview
- Analysis
$REVSATO.exe
The module $REVSATO.exe has been detected as Risk.RemoteAdmin
File Details
| Product Name: |
|
| Company Name: |
|
| MD5: |
98ba69768d3b57617b9ffe757f6f84b1 |
| Size: |
1 MB |
| First Published: |
2017-07-18 17:13:14 (7 years ago) |
| Latest Published: |
2018-08-15 02:11:27 (6 years ago) |
| Status: |
Risk.RemoteAdmin (on last analysis) |
|
| Analysis Date: |
2018-08-15 02:11:27 (6 years ago) |
Overview
| %programfiles%\ultravnc |
| %sysdrive%\ubcd4win\plugin\network\ultravnc\files |
| %sysdrive%\$recycle.bin\s-1-5-21-2087035277-3798034300-3097854789-1002 |
| %sysdrive%\ubcd4win\plugin\network\ultravnc |
| %desktop%\backup\recovered data 09-12-2016 at 22_05_51\ntfs 0\ubcd4win1\plugin\network\ultravnc |
| %desktop%\backup\recovered data 09-12-2016 at 22_05_51\ntfs 0\ubcd4win\plugin\network\ultravnc |
| %desktop%\backup\recovered data 09-13-2016 at 11_22_46\ntfs 0\ubcd4win\plugin\network\ultravnc |
| %desktop%\backup\recovered data 09-13-2016 at 11_22_46\ntfs 0\ubcd4win1\plugin\network\ultravnc |
| %programfiles% |
| %sysdrive%\常用軟體 |
| vncviewer_tab.exe |
| $REVSATO.exe |
|
36.8% |
|
|
31.6% |
|
|
10.5% |
|
|
5.3% |
|
|
5.3% |
|
|
5.3% |
|
|
5.3% |
|
| Windows 10 |
57.9% |
|
| Windows 7 |
36.8% |
|
| Windows 8 |
5.3% |
|
Analysis
| Subsystem: |
Windows GUI |
| PE Type: |
pe |
| OS Bitness: |
32 |
| Image Base: |
0x00400000 |
| Entry Address: |
0x0008237a |
| Name |
Size of data |
MD5 |
| .text |
811008 |
eada054612325aa84fea7f70a173a36e |
| .rdata |
114688 |
ccdab3975d8abcfcd9aadc6048ef660c |
| .data |
16384 |
ca87184433c628f285a8c32a8ed9f34d |
| .idata |
16384 |
aa7b57617d85eb72e974eabc906736a1 |
| .rsrc |
405504 |
747e02d12101fbc9242660cd049989a0 |
