ResEdit PE Resource Editor

Category: Adware and PUAs
Type: Hacking Tool
Protection available since: 04 Oct 2017 07:37:30 (GMT)
Last Updated: 04 Oct 2017 07:37:30 (GMT)


Examples of ResEdit PE Resource Editor include:

Example 1

File Information

File type
Windows executable

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\revs.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\nsj3.tmp\Convert.dll
Registry Keys Created
  • HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0\FLAGS
    (Default)
  • HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\TypeLib
    Version
    1.0
  • HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}\Version
    (Default)
    1.0
  • HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}\TypeLib
    (Default)
    {03771AEF-400D-4A13-B712-25878EC4A3F5}
  • HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0
    (Default)
    SmartInstallerLib
  • HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    (Default)
    IBrowserExternals
  • HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0\HELPDIR
    (Default)
    C:\DOCUME~1\support\LOCALS~1\Temp
  • HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
    (Default)
    CBrowserExternal Class
  • HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}\LocalServer32
    ServerExecutable
    C:\DOCUME~1\support\LOCALS~1\Temp\revs.exe
  • HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0\0\win32
    (Default)
    C:\DOCUME~1\support\LOCALS~1\Temp\revs.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\revs.exe
  • c:\windows\system32\wbem\wmic.exe
HTTP Requests
  • http://installer.ppdownload.com/Installer/Flow
DNS Requests
  • installer.ppdownload.com

Example 2

File Information

File type
Windows executable

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\1c65_appcompat.txt
    Size
    4.2K
    SHA-1
    646583dec94feedaacd8e189795dd0685f5d5def
    MD5
    e0715dab423f2eb5f7bddd81871d88b7
    CRC-32
    ab54f64c
    File type
    UTF-16/UCS-2 16-bit Unicode Transformation Format
    First seen
    2017-09-15
  • c:\Documents and Settings\test user\Local Settings\Temp\revs.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\nsl3.tmp\Convert.dll
Registry Keys Created
  • HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0\FLAGS
    (Default)
  • HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
    (Default)
    CBrowserExternal Class
  • HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\TypeLib
    Version
    1.0
  • HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0\0\win32
    (Default)
    C:\DOCUME~1\support\LOCALS~1\Temp\revs.exe
  • HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}\Version
    (Default)
    1.0
  • HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0
    (Default)
    SmartInstallerLib
  • HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    (Default)
    IBrowserExternals
  • HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0\HELPDIR
    (Default)
    C:\DOCUME~1\support\LOCALS~1\Temp
  • HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}\TypeLib
    (Default)
    {03771AEF-400D-4A13-B712-25878EC4A3F5}
  • HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}\LocalServer32
    ServerExecutable
    C:\DOCUME~1\support\LOCALS~1\Temp\revs.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\revs.exe
  • c:\windows\system32\wbem\wmic.exe
HTTP Requests
  • http://installer.ppdownload.com/Installer/Flow
DNS Requests
  • installer.ppdownload.com
