winrar-x64-521.exe

WinRAR

Software Association LLC

The application winrar-x64-521.exe by Software Association has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monetization platform, which will download and install offers during setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from winrar-32.1800download.com and multiple other hosts.
Publisher:
Software Association LLC  (signed and verified)

Product:
WinRAR

Version:
1.0.0.0

MD5:
655a6c0b2c34457aba5d9a34b3f21ac7

SHA-1:
b907ffd72d788af662a95cf0bae5949ae8c3ad22

SHA-256:
d158e5e904491b6bef502d2692410faefcf9f84285aeb94edab8ac7c0ebce5e6

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
8/14/2025 12:19:36 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | PUP/Win32.OpenCandy | 2015.04.19
AVG | OpenCandy | 2016.0.3138
Baidu Antivirus | Adware.Win32.OpenCandy | 4.0.3.15415
Clam AntiVirus | Win.Trojan.Agent-855157 | 0.98/21511
Dr.Web | Adware.Downware.9759 | 9.0.1.0105
ESET NOD32 | Win32/OpenCandy.C potentially unsafe (variant) | 9.11495
Fortinet FortiGate | Riskware/OpenCandy | 4/15/2015
G Data | Win32.Adware.OpenCandy | 15.4.25
K7 AntiVirus | Trojan | 13.202.15594
Malwarebytes | PUP.Optional.OpenCandy | v2015.04.15.04
McAfee | Artemis!1964B9785478 | 5600.6794
Panda Antivirus | PUP/OpenCandy | 15.04.15.04
Sophos | OpenCandy | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0413 | 7.2.105
VIPRE Antivirus | Opencandy | 39456

File size:
415.7 KB (425,648 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\winrar-x64-521.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
1/13/2015 2:00:00 AM

Valid to:
1/21/2016 2:00:00 PM

Subject:
CN=Software Association LLC, O=Software Association LLC, L=Dnepropetrovsk, S=Dnipropetrovs'ka Oblast', C=UA

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0E1FC80B1C57AD69AA6F8D65D1CF90CF

File PE Metadata
Compilation timestamp:
5/20/2013 1:53:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:8iub+EmZ7bkTRWytZbRgdkGESugzZHtsg0zG:gb+tJktWybFgdkGESp5td0zG

Entry address:
0x331C

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 70, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 98, 92, 42, 00, E8, A8, 2E, 00, 00, A3, E4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 90, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, 7C, 93, 40, 00, 68, E0, 81, 42, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, 01, 2B, 00, 00...
 

Entropy:
7.8393

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file winrar-x64-521.exe has been seen being distributed by the following 14 URLs.

