home

winrar-x64-420ru.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from fileshare7540.depositfiles.com and multiple other hosts.
MD5:
59dd3a5806ee1fe38f2eac4a73742e7a

SHA-1:
6d41573dda8f1136719e3242fb5ff456f3f2949e

SHA-256:
698f5ebcedc5e58570462fd64d61a6231ea0cd8e2012aff72aaf018b1bc97a73

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/24/2024 7:15:42 AM UTC  (today)

Scan engine
Detection
Engine version

Zillya! Antivirus
Backdoor.ZAccess.Win32.26102
2.0.0.1779

File size:
1.7 MB (1,789,960 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\winrar-x64-420ru.exe

File PE Metadata
Compilation timestamp:
6/9/2012 4:20:00 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:+ZEK6jKk+HwN9Bd2ITDAAvf7IeMnRwzCZ1GPaq8L+PjpLKVikK5LtaOx8Cr:+Z/kN3R2nRtbU++BYtIPx8g

Entry address:
0xC3A8

Entry point:
48, 83, EC, 28, E8, 97, FE, FF, FF, 45, 33, C9, 45, 33, C0, 33, D2, 33, C9, 48, 83, C4, 28, E9, 60, 3D, 00, 00, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, F9, 48, 89, 11, 48, 8B, CA, 48, 8B, DA, E8, 09, 9A, FF, FF, 48, 89, 47, 08, 8B, 83, 2C, 0C, 00, 00, 48, 8B, 5C, 24, 30, 89, 47, 10, 48, 8B, C7, 48, 83, C4, 20, 5F, C3, CC, CC, 48, 83, EC, 28, 4C, 8B, 09, 41, 8B, 81, 2C, 0C, 00, 00, 39, 41, 10, 75, 0F, 48, 8B, 51, 08, 45, 33, C0, 49, 8B, C9, E8, A6, A0, FF, FF, 48, 83, C4, 28, C3, CC, 48, 89, 5C, 24...
 
[+]

Code size:
88 KB (90,112 bytes)

The file winrar-x64-420ru.exe has been seen being distributed by the following 2 URLs.

http://fileshare7540.depositfiles.com/auth-1352491328e2f5bb6ef6ac02971eea76-188.123.248.77-608530923-123052552-guest/.../winrar-x64-420ru.exe

http://dl.cdn.chip.eu/downloads/.../winrar-x64-420ru_download.chip.eu.exe

Scan winrar-x64-420ru.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.