rar_password_unlocker_trial.exe

RAR Password Unlocker

RAR Password Unlocker, Inc.

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from download2084.mediafire.com and multiple other hosts.
Publisher:
RAR Password Unlocker, Inc.

Product:
RAR Password Unlocker

Description:
RAR Password Unlocker Setup

Version:
5.0.0.0

MD5:
115073414b19ae3258a166962e7603f3

SHA-1:
5b299551153ea45f68899996d3cccce5cc7ce1c7

SHA-256:
a45d5a7538790a3388e390118b4fa6f5a0ca3245fa64072f5807b303035d0ec9

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/29/2016 8:55:01 AM UTC  (eleven months)

Scan engine
Detection
Engine version

IKARUS anti.virus
Trojan-PWS.Win32.Phishack
t3scan.2.2.29

Quick Heal
Worm.Netcast
1.14.12.00

File size:
12.7 MB (13,338,017 bytes)

Product version:
5.0.0.0

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\rar_password_unlocker_trial.exe

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:5zmPcKtpFUOWdp5BprwNE2PvGbN+8N3cgQWO:5GPaOWdp5BgE2s+8N3VQ5

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file rar_password_unlocker_trial.exe has been seen being distributed by the following 50 URLs.

http://download2084.mediafire.com/9all8awskdhg/.../rar_password_unlocker_trial.exe

http://download2044.mediafire.com/xgs3kdi4wedg/.../rar_password_unlocker_trial.exe

http://download2125.mediafire.com/ey856sz2o9gg/.../rar_password_unlocker_trial.exe

http://download2156.mediafire.com/3ktxt2nnxrcg/.../rar_password_unlocker_trial.exe

http://download971.mediafire.com/dc80207z1olg/.../rar_password_unlocker_trial.exe

http://download1187.mediafire.com/y2w8pwb98npg/.../rar_password_unlocker_trial.exe

http://download2090.mediafire.com/x3ww03vb3reg/.../rar_password_unlocker_trial.exe

http://download696.mediafire.com/rbpe2r6x4ebg/.../rar_password_unlocker_trial.exe

http://download2098.mediafire.com/g1ms166taxpg/.../rar_password_unlocker_trial.exe

http://download1823.mediafire.com/gx33yx93rleg/.../rar_password_unlocker_trial.exe

http://download1737.mediafire.com/p3gyz31si2eg/.../rar_password_unlocker_trial.exe

http://download2028.mediafire.com/s93hgtslwcog/.../rar_password_unlocker_trial.exe

http://download2144.mediafire.com/qc7o958c35yg/.../rar_password_unlocker_trial.exe

http://download2084.mediafire.com/o0bko4y3lqsg/.../rar_password_unlocker_trial.exe

http://download1459.mediafire.com/7q8b2koml5xg/.../rar_password_unlocker_trial.exe

http://download2144.mediafire.com/obtw4ocyi31g/.../rar_password_unlocker_trial.exe

http://download859.mediafire.com/b1ku8qm328lg/.../rar_password_unlocker_trial.exe

http://download2090.mediafire.com/rw8c9kmvn2gg/.../rar_password_unlocker_trial.exe

http://download2098.mediafire.com/ztu61f645zlg/.../rar_password_unlocker_trial.exe

http://download696.mediafire.com/saq1849n988g/.../rar_password_unlocker_trial.exe

http://download2084.mediafire.com/388nf5569ezg/.../rar_password_unlocker_trial.exe

http://download1618.mediafire.com/96vh6bzxv6dg/.../rar_password_unlocker_trial.exe

http://download2144.mediafire.com/3alnl1cvb6mg/.../rar_password_unlocker_trial.exe

http://download2098.mediafire.com/ihbjupqf0v2g/.../rar_password_unlocker_trial.exe

http://download2233.mediafire.com/akan8pmgunng/.../rar_password_unlocker_trial.exe

http://download2098.mediafire.com/z5ubhaqe6a5g/.../rar_password_unlocker_trial.exe

http://utililab.av-updates.net/.../wrarulabinst1.exe

http://download1205.mediafire.com/sz5vowms04sg/.../rar_password_unlocker_trial.exe

http://download1470.mediafire.com/ygqb3w0uu3xg/.../rar_password_unlocker_trial.exe

http://download1187.mediafire.com/307fkddakxrg/.../rar_password_unlocker_trial.exe

Latest 30 of 725 download URLs

Scan rar_password_unlocker_trial.exe - Powered by Reason Core Security