winrar-64bit-cz-full.exe

WinRAR 4.20 64bit cz full

The application winrar-64bit-cz-full.exe, “WinRAR 4.20 64bit cz full Setup”, has been detected as a potentially unwanted program by 27 anti-malware scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. The file has been seen being downloaded from dla.uloz.to.

Product:
WinRAR 4.20 64bit cz full

Description:
WinRAR 4.20 64bit cz full Setup

MD5:
81d9c61fa26873d0748da2d16542db18

SHA-1:
442d498531c3238edc707f6578022888c3231a3b

SHA-256:
27bbaf7a2e0fd765caf5d6e65ba739712525dae54fe51b790152b36deaaa1942

Scanner detections:
27 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
4/19/2024 12:15:21 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bitcoinminer.DX | 524 |
| AegisLab AV Signature | Troj.W32.Gen | 2.1.4+ |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | SPR/BitCoinMiner.BT | 7.11.201.138 |
| avast! | Inno:BitCoinMiner-C [Drp] | 2014.9-150830 |
| AVG | Skodna.BitCoinMiner | 2016.0.3002 |
| Bitdefender | Application.Bitcoinminer.DX | 1.0.20.1210 |
| Comodo Security | UnclassifiedMalware | 20723 |
| Dr.Web | VBS.Siggen.7566 | 9.0.1.0242 |
| Emsisoft Anti-Malware | Trojan.VBS.TZJ | 8.15.08.30.12 |
| ESET NOD32 | Win32/BitCoinMiner.BY (variant) | 9.11021 |
| Fortinet FortiGate | Riskware/BitCoinMiner | 8/30/2015 |
| F-Secure | Trojan.VBS.TZJ | 11.2015-30-08_1 |
| G Data | Application.Bitcoinminer.DX | 15.8.24 |
| IKARUS anti.virus | Trojan.VBS.CoinMiner | t3scan.1.8.6.0 |
| Kaspersky | Trojan.VBS.Miner | 14.0.0.1505 |
| McAfee | Artemis!81D9C61FA268 | 5600.6658 |
| MicroWorld eScan | Application.Bitcoinminer.DX | 16.0.0.726 |
| NANO AntiVirus | Riskware.Win32.BtcMine.cxpnxr | 0.30.0.64448 |
| nProtect | Trojan.VBS.TZJ | 15.01.15.01 |
| Panda Antivirus | Trj/CI.A | 15.08.30.12 |
| Qihoo 360 Security | HEUR/Malware.QVM05.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1702F7D9!386070489 | 23.00.65.15828 |
| Sophos | Generic PUA EE | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0EGH14 | 7.2.242 |
| Trend Micro | TROJ_GEN.R0CBC0EGH14 | 10.465.30 |
| VIPRE Antivirus | Trojan.Win32.Generic | 36688 |

File size:
4.1 MB (4,323,323 bytes)

Product version:
for Windows

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:MK8067uSWaz+svRY14iBdhLlFH7pN+j8am82XuT+KVE:y0PSRMSiBzhFb+jDm9uTly

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file winrar-64bit-cz-full.exe has been seen distributed from the following URL.

http://dla.uloz.to/Ps;Hs;fid=42242664;cid=1918918248;rid=1627135420;up=0;uip=193.87.56.35;tm=1441824705;ut=f;aff=ulozto.sk;did=ulozto-sk;He;ch=0cf8d0116244f90d85b1981b3c26451b;Pe/.../winrar-64bit-cz-full-exe?bD&c=1918918248&De
