home

winrar.5.21.final_x32.exe

The application winrar.5.21.final_x32.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. The program is a setup application that uses the Self-extracting archive installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from dl3.downloadsoftware.ir.
MD5:
1b86aa726b22d763d39f848812171c73

SHA-1:
e877c322f9bbd79cc363159bce833dcd80f6c2fa

SHA-256:
b41c6eafc1904a475f82f038bbb073b3cebe86a680f3477905235f909cdb09f3

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
5/17/2024 6:12:25 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUP.Agent
7.1.1

avast!
Win32:Malware-gen
2014.9-151226

AVG
Crack
2016.0.2883

Baidu Antivirus
Hacktool.Win32.Keygen
4.0.3.151226

Comodo Security
UnclassifiedMalware
22100

ESET NOD32
Win32/Keygen.AI potentially unsafe (variant)
9.11618

Fortinet FortiGate
W32/Keygen.AI
12/26/2015

G Data
Win32.Application.Agent.UIGGZC
15.12.25

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.1.8.9.0

K7 AntiVirus
Trojan
13.203.15891

Kaspersky
UDS:DangerousObject.Multi.Generic
14.0.0.912

Malwarebytes
RiskWare.Tool.HCK
v2015.12.26.03

McAfee
Artemis!1B86AA726B22
5600.6539

Microsoft Security Essentials
HackTool:Win32/Keygen
1.1.11602.0

NANO AntiVirus
Trojan.Win32.MYKB2132.dfsumu
0.30.24.1357

Norman
Hacktool.A!genr
11.20151226

Panda Antivirus
Trj/CI.A
15.12.26.03

Qihoo 360 Security
HEUR/QVM41.1.Malware.Gen
1.0.0.1015

Quick Heal
HackTool.Keygen.r2 (Not a Virus)
12.15.14.00

Sophos
Keygen
4.98

Total Defense
Win32/Keygen.ADNWHbC
37.1.62.1

Trend Micro House Call
TROJ_GEN.R047B01E615
7.2.360

Trend Micro
TROJ_GE.698D659D
10.465.26

VIPRE Antivirus
Trojan.Win32.Generic
40192

File size:
2 MB (2,092,721 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Self-extracting archive

Common path:
C:\users\{user}\downloads\winrar.5.21.final_x32.exe

File PE Metadata
Compilation timestamp:
12/2/2014 2:07:30 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:5K6gVDQk/z+E84WN0/8q4wvkWzDjHkR8MpaCZNBmoE6Y9:5KpDQMN84WN0/8q4QzvkpD4oZU

Entry address:
0x1D5DB

Entry point:
E8, 85, 63, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 82, FC, FF, FF, C7, 06, 20, B2, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 20, B2, 42, 00, E9, 37, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 20, B2, 42, 00, E8, 24, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 4E, CA, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 
[+]

Entropy:
7.9634  (probably packed)

Code size:
161.5 KB (165,376 bytes)

The file winrar.5.21.final_x32.exe has been seen being distributed by the following URL.

http://dl3.downloadsoftware.ir/Soft/.../WinRAR.5.21.Final_x32.exe

Remove winrar.5.21.final_x32.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.