home

unrar.exe

WinRAR

win.rar GmbH

This is a setup program which is used to install the application. The file has been seen being downloaded from mega.nz and multiple other hosts.
Publisher:
Alexander Roshal  (signed by win.rar GmbH)

Product:
WinRAR

Description:
Command line RAR

Version:
5.0.0

MD5:
acd116e2f65191ed04cbd2616942b496

SHA-1:
16e9d2ff38be08b461b48581e007451509561aa2

SHA-256:
d0732442847918f36ec54e594659c0e840f24ee4703a89518b53dbbd2cf0fd76

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 12:12:52 AM UTC  (today)

File size:
298.6 KB (305,752 bytes)

Product version:
5.0.0

Copyright:
Copyright © Alexander Roshal 1993-2013

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\unrar.exe

Digital Signature
Signed by:
win.rar GmbH

Authority:
COMODO CA Limited

Valid from:
6/13/2013 1:00:00 AM

Valid to:
6/14/2015 12:59:59 AM

Subject:
CN=win.rar GmbH, O=win.rar GmbH, STREET=Schumannstr. 17, L=Berlin, S=Berlin, PostalCode=10117, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75953FA54DD12DD9CA6B948C17BFD67C

File PE Metadata
Compilation timestamp:
8/22/2013 2:00:19 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
6144:38YqPw+or+v55T2NayoGb7wbO/lQ7X3o0pAQC+oe:hqPwnmh2BTbYO/K9pA3+r

Entry address:
0x2DD9C

Entry point:
E8, EE, 73, 00, 00, E9, A4, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 31, FD, FF, FF, C7, 06, EC, A4, 43, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, EC, A4, 43, 00, E9, E6, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, EC, A4, 43, 00, E8, D3, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 03, D3, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 
[+]

Code size:
224 KB (229,376 bytes)

The file unrar.exe has been discovered within the following programs.

iTunes  by Apple Inc.
Apple's iTunes is a proprietary media player computer program, used for playing and organizing digital music and video files on desktop computers. It can also manage contents on iPod, iPhone and iPad.
www.apple.com/itunes
9% remove it
LogMeIn Hamachi  by LogMeIn, Inc.
LogMeIn remote access products use a proprietary remote desktop protocol that is transmitted via SSL. An SSL certificate is created for each remote desktop and is used to cryptographically secure communications between the remote desktop and the accessing computer.
secure.logmein.com/products/hamachi/download.aspx
About 7% of users remove it
SketchUp 8  by Trimble Navigation Limited
Publisher's description - “Redecorate your living room. Invent a new piece of furniture. Model your city for Google Earth. There's no limit to what you can create with SketchUp.”
www.sketchup.com/intl/en/product/gsu.html
9% remove it
Universal Extractor  by oszone.net
Publisher's description - “Universal Extractor is a program designed to decompress and extract files from any type of archive or installer, such as ZIP or RAR files, self-extracting EXE files, application installers, etc.”
www.legroom.net/software/uniextract
8% remove it
WinRAR archiver  by win.rar GmbH
WinRAR archiver is a shareware file archiver that is able to create RAR archives natively.
www.rarlab.com
12% remove it
 
Powered by Should I Remove It?

The file unrar.exe has been seen being distributed by the following 2 URLs.

https://mega.nz/temporary/.../vcByhKYR

http://youtubemusicdownloader.us/download/.../UnRAR.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.