WinRAR.exe

Alexander Roshal

WinRAR provides full RAR and ZIP file support and can decompress CAB, GZIP, ACE and other archive formats. The executable WinRAR.exe has been detected as malware by 38 anti-virus scanners.

Publisher:
Alexander Roshal

Description:
WinRAR archiver

Version:
3.71

MD5:
159b6b42ece7bf39932e86d1c0b51192

SHA-1:
247899a017647ac447bc97b888da9e8cbabd20ee

SHA-256:
4625fb16f44ebd1cfc3e35dbaf69de5bf7c84a296dd5cdf6448cced4033b4494

Scanner detections:
38 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/19/2024 1:36:32 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Virtob.Gen.12 | 804 |
| Agnitum Outpost | Win32.Virut.AB.Gen | 7.1.1 |
| AhnLab V3 Security | Win32/Virut.F | 2014.07.09 |
| Avira AntiVirus | W32/Virut.Gen | 7.11.30.172 |
| avast! | Win32:Vitro | 2014.9-141122 |
| AVG | Win32/Virut | 2015.0.3282 |
| Baidu Antivirus | Virus.Win32.Virut.$NBP | 4.0.3.141122 |
| Bitdefender | Win32.Virtob.Gen.12 | 1.0.20.1630 |
| Bkav FE | W32.Vetor.PE | 1.3.0.4959 |
| Comodo Security | Virus.Win32.Virut.CE | 18807 |
| Dr.Web | Win32.Virut.56 | 9.0.1.0326 |
| Emsisoft Anti-Malware | Win32.Virtob.Gen.12 | 8.14.11.22.07 |
| ESET NOD32 | Win32/Virut.NBP virus | 8.7.0.302.0 |
| Fortinet FortiGate | W32/Virut.CE | 11/22/2014 |
| F-Prot | W32/Virut.AL!Generic | v6.4.6.5.141 |
| F-Secure | Win32.Virtob.Gen.12 | 11.2014-22-11_7 |
| G Data | Win32.Virtob.Gen.12 | 14.11.24 |
| IKARUS anti.virus | Virus.Win32.Virut | t3scan.1.6.1.0 |
| K7 AntiVirus | Virus | 13.180.12657 |
| Kaspersky | Virus.Win32.Virut | 14.0.0.2906 |
| McAfee | W32/Virut.n.gen | 5600.6938 |
| Microsoft Security Essentials | Threat.Undefined | 1.177.1944.0 |
| MicroWorld eScan | Win32.Virtob.Gen.12 | 15.0.0.978 |
| NANO AntiVirus | Virus.Win32.Virut.hpeg | 0.28.0.60698 |
| Norman | Virut.HL | 11.20141122 |
| nProtect | Virus/W32.Virut.Gen | 14.07.08.03 |
| Panda Antivirus | W32/Sality.AO | 14.11.22.07 |
| Qihoo 360 Security | Virus.Win32.Virut.M | 1.0.0.1015 |
| Quick Heal | W32.Virut.G | 11.14.14.00 |
| Rising Antivirus | PE:Win32.Virut.ec!1608462 | 23.00.65.141120 |
| Sophos | W32/Scribble-B | 4.98 |
| Total Defense | Win32/Virut.17408 | 37.0.11046 |
| Trend Micro House Call | PE_VIRUX.R | 7.2.326 |
| Trend Micro | PE_VIRUX.R | 10.465.22 |
| Vba32 AntiVirus | Virus.Virut.14 | 3.12.26.3 |
| VIPRE Antivirus | Virus.Win32.Virut.ce.6 | 31088 |
| ViRobot | Win32.Virut.AM | 2011.4.7.4223 |
| Zillya! Antivirus | Virus.Virut.Win32.1938 | 2.0.0.1850 |

File size:
915 KB (936,960 bytes)

Copyright:
Copyright © Alexander Roshal 1993-2007

Original file name:
WinRAR.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
9/20/2007 5:34:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
24576:Em6a1rcD4NdGc0lWIFzyKkKpnDMMMMMM:Em6aFcMN90yKTpDMMMMMM

Entry address:
0x1000

Entry point:
EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, C0, 41, 4A, 00, A1, B3, 41, 4A, 00, C1, E0, 02, A3, B7, 41, 4A, 00, 52, 6A, 00, E8, 6D, 19, 0A, 00, 8B, D0, E8, C6, 79, 09, 00, 5A, E8, FC, 6C, 09, 00, E8, BF, 79, 09, 00, 6A, 00, E8, 4C, 8C, 09, 00, 59, 68, 5C, 41, 4A, 00, 6A, 00, E8, 47, 19, 0A, 00, A3, BB, 41, 4A, 00, 6A, 00, E9, 33, FA, 09, 00, E9, 7A, 8C, 09, 00, 33, C0, A0, A5, 41, 4A, 00, C3, A1, BB, 41, 4A, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, AC, 00, 00, 00, 0B, C9...
 

Entropy:
6.3463

Code size:
652 KB (667,648 bytes)

Shell Open Command
Open type:
WinRAR

Command:
"C:\users\{user}\desktop\winrar.exe" "%1"

