The reverse shell exe File Malware Analysis

The reverse_shell.exe File Analysis

Updated 3 months ago

Checked by Malaware Check

reverse_shell.exe

Hash Type	Value	Action
MD5	34c1b72226a24c8673f5ace2dd72a79c
SHA1	c8009522f7c81492c0e0bb158696016ab2ee7fbd
SHA256	0d3241cdd62c654d99bbae12789c3ee729e0195f77138fe0004967f8f0c1996c
SHA512	1fb269747758a819966b6beacb563a1e02b3e25b0eff0dd7b10c5596a770704c976d74398749ffca205c8527b83879b0cba0f949739752151382998ed1529188
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

Hash Type

Value

Action

MD5

34c1b72226a24c8673f5ace2dd72a79c

SHA1

c8009522f7c81492c0e0bb158696016ab2ee7fbd

SHA256

0d3241cdd62c654d99bbae12789c3ee729e0195f77138fe0004967f8f0c1996c

SHA512

1fb269747758a819966b6beacb563a1e02b3e25b0eff0dd7b10c5596a770704c976d74398749ffca205c8527b83879b0cba0f949739752151382998ed1529188

ImpHash

f34d5f2d4577ed6d9ceec516c1f5a744

PE Analysis

Basic Information

▼

Image Base	`0x00400000`
Entry Point	`0x00409a4e`
Compilation Time	2025-03-02 12:36:34
Checksum	0x00000000 (Actual: 0x00014506)
OS Version	4.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows`
Digital Signature	No valid SignedData structure was found.
Imports	1 libraries mscoree
Exports	0 functions
Resources	2 Resources
Sections	3 Sections

Version Information

▼

Translation	0x0000 0x04b0
FileDescription
FileVersion	0.0.0.0
InternalName	reverse_shell.exe
LegalCopyright
OriginalFilename	reverse_shell.exe
ProductVersion	0.0.0.0
Assembly Version	0.0.0.0

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00002000`	31,316 bytes	31,744 bytes	5.86 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`4CBB65ABE4EDD2E32C7FE1C35A9C63F0`
`.rsrc`	`0x0000a000`	1,264 bytes	1,536 bytes	3.73 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`54B027C670C58CFC7BAA5614E564422E`
`.reloc`	`0x0000c000`	12 bytes	512 bytes	0.08 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`8F60A70E4B95B2B41B24AC7772F385F8`

Resource Analysis

▼

Total Resources: 2 (1,094 bytes)

Resource Type	Count	Total Size	Percentage
RT_VERSION	1	604 bytes	55.2%
RT_MANIFEST	1	490 bytes	44.8%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

This file passed all security checks, but stay vigilant. New malware variants appear daily that can evade detection. Always verify files come from official sources and check digital signatures when available.

File Name	reverse_shell.exe
File Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Scanner Version	1.0.209.174
Database Version	2025-03-02 14:00:34 UTC

The reverse_shell.exe File Analysis

Technical Analysis

Clean File

Scan Another File

File Identification