home

rar.exe

MD5:
ca4bdd2c672fbb0104a1a2d607227f23

SHA-1:
ad839f5b03d83a30100c734588cb3281b0e9d80c

SHA-256:
783ff1d158ee6575caf245bef099fe19d0997bd82d80800783abf04e9b48b4c7

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
5/15/2024 9:15:48 PM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Troj.Dropper.W32.KGen
2.1.4+

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen
1.0.0.1015

File size:
4.4 MB (4,636,672 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\rar.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:R9f51c6vxAQq1IAE5U6Y760eycGq8FIV1dyVzKGcFCNq/3q5Xmcaz6FpgpzcjBUN:RD1c6vxAQq1IXGq8FIV1oztc4NeOAG

Entry address:
0x97F0

Entry point:
66, 8B, 55, F4, 01, D0, 69, C0, E8, 03, 00, 00, 66, 8B, 55, F6, 01, D0, 89, 05, 2C, B0, 40, 00, 8B, E5, 5D, C3, 90, B8, D2, 00, 00, 00, E9, 37, 17, 00, 00, C3, 90, 53, 56, 51, 89, CE, C1, EE, 02, 74, 26, 8B, 08, 8B, 1A, 39, D9, 75, 45, 4E, 74, 15, 8B, 48, 04, 8B, 5A, 04, 39, D9, 75, 38, 83, C0, 08, 83, C2, 08, 4E, 75, E2, EB, 06, 83, C0, 04, 83, C2, 04, 5E, 83, E6, 03, 74, 36, 8A, 08, 3A, 0A, 75, 30, 4E, 74, 13, 8A, 48, 01, 3A, 4A, 01, 75, 25, 4E, 74, 08, 8A, 48, 02, 3A, 4A, 02, 75, 1A, 31, C0, 5E, 5B, C3...
 
[+]

Entropy:
4.9079

Code size:
36 KB (36,864 bytes)

The file rar.exe has been seen being distributed by the following URL.

http://atomic-rar-password-recovery.soft32.com/get/file/id/.../?iframe=true&width=420&height=200&javascript=true&no_download_manager=1

Scan rar.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.