Backdoor.RevengeRAT (file analysis)

Backdoor.RevengeRAT is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Review

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor.RevengeRAT virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Drops a binary and executes it
  • Uses Windows utilities for basic functionality
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

Related domains:

amerkad19.ddns.net

How to identify Backdoor.RevengeRAT?

File Info:

crc32: C5D641B9
md5: 82c482f8af3d699aeb51034dc506cd1c
name: Client.jpg
sha1: 1c65ce6be62627ee36db9c1b1d912297e6f99abe
sha256: e8da9985457f46542b7f8c9c2e48f252f6f0d998223271a1bf073754fda2e8e3
sha512: 6f55468830a5fa9fdf30d12300e3fe71ce9ff48f3ebc1d261d2ef50579b0b1aef4b3aff3cf7b337cf92b9b18bc1fe0de9cc9166fa40f5136dfb7151e0fe62899
ssdeep: 768:Bs+U4zL+fRTtmqOE1UpUrz5bLLgwernMqxNTzFNBvKKU1RkWEy7mELj2T0p:I4PCbOE1UpUn5TextFNlbU1RkUmEt
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

LegalCopyright: win
InternalName: svshot.exe
FileVersion: 0.0.0.3
CompanyName: RV
LegalTrademarks: RV
ProductName: RV
ProductVersion: 0.0.0.3
FileDescription: svshot
OriginalFilename: svshot.exe
Translation: 0x0409 0x04b0

Backdoor.RevengeRAT is also known as (vendor: detection name):

Bkav: W32.HfsIemusi.
MicroWorld-eScan: Gen:Variant.Razy.169057
FireEye: Generic.mg.82c482f8af3d699a
CAT-QuickHeal: Trojandropper.Generic
McAfee: Artemis!82C482F8AF3D
ALYac: Gen:Variant.Razy.169057
Malwarebytes: Backdoor.RevengeRAT
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
K7AntiVirus: Trojan ( 005121fb1 )
BitDefender: Gen:Variant.Razy.169057
K7GW: Trojan ( 005121fb1 )
Cybereason: malicious.8af3d6
TrendMicro: TROJ_GEN.R002C0PL319
BitDefenderTheta: Gen:NN.ZemsilF.32519.dq0@aW2Hdsfe
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: TROJ_GEN.R002C0PL319
Avast: Win32:Trojan-gen
ClamAV: Win.Trojan.Generic-6332612-0
GData: Gen:Variant.Razy.169057
Kaspersky: HEUR:Trojan-Dropper.Win32.Generic
Alibaba: TrojanDropper:MSIL/Launcher.ad4b1a12
NANO-Antivirus: Trojan.Win32.Razy.fpdqdh
AegisLab: Trojan.Win32.Generic.b!c
Rising: Trojan.Generic@ML.100 (RDMK:0BKWSHpqfx99ee8DvTp3/w)
Endgame: malicious (high confidence)
Sophos: Mal/Revet-A
Comodo: Malware@#2vpjs2c9kffrn
F-Secure: Trojan.TR/ATRAPS.Gen2
DrWeb: Trojan.DownLoader28.11485
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Generic.qm
SentinelOne: DFI – Malicious PE
Emsisoft: Gen:Variant.Razy.169057 (B)
APEX: Malicious
Cyren: W32/Trojan.LOEO-7428
Avira: TR/ATRAPS.Gen2
Antiy-AVL: Trojan/MSIL.Launcher
Arcabit: Trojan.Razy.D29461
ZoneAlarm: HEUR:Trojan-Dropper.Win32.Generic
Microsoft: Trojan:MSIL/Launcher.A!MTB
AhnLab-V3: Trojan/Win32.RL_Revenge.R268056
Acronis: suspicious
VBA32: TScope.Trojan.MSIL
MAX: malware (ai score=100)
Ad-Aware: Gen:Variant.Razy.169057
Cylance: Unsafe
Panda: Trj/GdSda.A
ESET-NOD32: a variant of MSIL/Agent.AZM
Yandex: Trojan.Agent!nqzW0hpiyRw
Ikarus: Backdoor-Rat.Revenge
MaxSecure: Trojan.Malware.1698455.susgen
Fortinet: MSIL/Agent.AZM!tr
AVG: Win32:Trojan-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: HEUR/QVM03.0.F913.Malware.Gen

How to remove Backdoor.RevengeRAT?

Backdoor.RevengeRAT removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.