home

rar202s2.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.winrar.es and multiple other hosts.
MD5:
ab785415c9ecbce02bfab0390811531b

SHA-1:
28d93eb1bf9d1a0a14299734b7b375645286b045

SHA-256:
b6b12d909558fb214e8d3ae1c2d7e842cfc48cbab34425ab031dd0fe746a7346

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 3:01:53 AM UTC  (today)

File size:
293.4 KB (300,404 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\rar202s2.exe

File PE Metadata
OS version:
196.0

OS bitness:
Win64

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:k1JOH1QQP7PbqXwxywn8BGMb13h7uVIjC1k8HldPJjOufEPXpTcC+7CAWMXV6:KwH1txyDJcVIjC1k8rP0ufgXpTY7c2V6

Entry address:
0x1000

Entry point:
4D, 5A, 85, 00, 02, 00, 00, 00, 20, 00, 51, 19, FF, FF, 00, 00, 00, 00, 00, 00, 77, 00, 00, 00, 40, 00, 00, 00, 52, 53, 46, 58, 6A, 72, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9472

Packer / compiler:
RAR-SFX Archive (1)

The file rar202s2.exe has been seen being distributed by the following 7 URLs.

https://www.winrar.es/.../2?PHPSESSID=a4fba152d8bef5b62d69af85db5ec5ac

https://www.winrar.es/.../2?PHPSESSID=81b85acd01e5049de3426dcce93fb09b

https://www.winrar.es/.../2?PHPSESSID=f9b9ba2087c9b279c697628d3bf5186d

http://www.winrar.es/.../2

https://www.winrar.es/.../2

https://www.winrar.es/.../2?PHPSESSID=6953dddeb099cd91ad9984e824394095

https://www.winrar.es/.../2?PHPSESSID=731a9f786a06c2d0a496e823725c5e2b

Scan rar202s2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.