» winrar.5.20.final_x32.exe
Overview
Analysis
File Details
Downloads (1)

winrar.5.20.final_x32.exe

The application winrar.5.20.final_x32.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. The program is a setup application that uses the Self-extracting archive installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from dl3.downloadsoftware.ir.

File name:

MD5:

7a0b169db7c0ae057af358d39922d245

SHA-1:

5a9ad5238f53b69d3a3a42fea302933e012f2a83

SHA-256:

d34188742e7ef02c5627d7cd177b32394a0c25d11202ae7acbb7e89962e08fe3

Scanner detections:

22 / 68

Status:

Potentially unwanted

Analysis date:

5/17/2024 11:17:12 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUP.Agent

7.1.1

Avira AntiVirus

SPR/Tool.Keygen.8903

7.11.211.166

avast!

Win32:Malware-gen

2014.9-160628

AVG

Crack

2017.0.2698

Baidu Antivirus

Hacktool.Win32.Keygen

4.0.3.16628

Comodo Security

UnclassifiedMalware

21139

ESET NOD32

Win32/Keygen.AI potentially unsafe (variant)

10.11204

Fortinet FortiGate

W32/Keygen.AI

6/28/2016

IKARUS anti.virus

Trojan.SuspectCRC

t3scan.1.8.6.0

K7 AntiVirus

Trojan

13.197.15026

Kaspersky

UDS:DangerousObject.Multi.Generic

14.0.0.-13

McAfee

Artemis!7A0B169DB7C0

5600.6354

Microsoft Security Essentials

HackTool:Win32/Keygen

1.1.11400.0

NANO AntiVirus

Trojan.Win32.MYKB2132.dfsumu

0.30.0.126

Norman

Hacktool.A!genr

11.20160628

Panda Antivirus

Trj/CI.A

16.06.28.04

Qihoo 360 Security

HEUR/QVM41.1.Malware.Gen

1.0.0.1015

Quick Heal

HackTool.Keygen.r2 (Not a Virus)

6.16.14.00

Sophos

Mal/KeyGen-M

4.98

Trend Micro House Call

TROJ_SPNR.08DR14

7.2.180

Trend Micro

TROJ_SPNR.08DR14

10.465.28

VIPRE Antivirus

HackTool.Win32.Keygen

37714

File size:

2 MB (2,086,481 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Self-extracting archive

Common path:

C:\users\{user}\downloads\winrar.5.20.final_x32.exe

File PE Metadata

Compilation timestamp:

12/1/2013 11:38:23 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

49152:AuVhwAceL4zRtQHBuSBgK9qCRga1lROlrq6Y1:AMhwNo4zRtQHBuSyKMIgO3OJq

Entry address:

0x1D728

Entry point:

E8, F0, 57, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 05, FD, FF, FF, C7, 06, E4, 81, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, E4, 81, 42, 00, E9, BA, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, E4, 81, 42, 00, E8, A7, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, D1, C9, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08... 
[+]

Entropy:

7.9644 (probably packed)

Code size:

149.5 KB (153,088 bytes)

The file winrar.5.20.final_x32.exe has been seen being distributed by the following URL.

http://dl3.downloadsoftware.ir/Soft/.../WinRAR.5.20.Final_x32.exe

Remove winrar.5.20.final_x32.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.