» winrar.exe
Overview
Analysis
File Details
Downloads (1)

winrar.exe

The application winrar.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from cdnus.ironcdn.com.

File name:

winrar.exe

MD5:

212bbab83f5e068fcac2a3ab91ee0a55

SHA-1:

420b84438fb013b161ac148481aeed23601203a4

SHA-256:

c73f3f78ac3074477d4395ac5ea89bf53e73a70ceec6cd9efd964fd151078456

Scanner detections:

19 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/20/2024 1:01:32 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

ASD.Prevention

2013.12.26

Avira AntiVirus

ADWARE/InstallCore.Gen

7.11.122.50

AVG

Skodna.Generic

2015.0.3438

Baidu Antivirus

Win32.InstallCore

4.0.3.14619

Comodo Security

UnclassifiedMalware

16941

Dr.Web

Adware.InstallCore.55

9.0.1.0170

Emsisoft Anti-Malware

Riskware.WebToolbar.Win32.InstallCore.AMN!A2

8.14.06.19.01

ESET NOD32

Win32/InstallCore.AF (variant)

8.9190

Fortinet FortiGate

Riskware/InstallCore

6/19/2014

F-Prot

W32/InstallCore.G.gen

v6.4.7.1.166

K7 AntiVirus

Unwanted-Program

13.170.9100

Kaspersky

not-a-virus:WebToolbar.Win32.InstallCore

14.0.0.3687

Malwarebytes

PUP.Optional.InstallCore

v2014.06.19.01

McAfee

Artemis!2BA4BD2F9CEC

5600.7094

Rising Antivirus

PE:Malware.XPACK-LNR/Heur!1.5594

23.00.65.14617

Sophos

Generic PUA JL

4.93

Trend Micro House Call

TROJ_SPNR.02IK12

7.2.170

Trend Micro

TROJ_SPNR.02IK12

10.465.19

Vba32 AntiVirus

BScope.Malware-Cryptor.InstallCore.2691

3.12.24.3

File size:

1.1 MB (1,108,088 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\winrar.exe

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:PEGri4Fr0vDHu6T675syNZ/EnKiEnzQKgrv:PEGri8Suq69sy1iEzo

Entry address:

0xCEA20

Entry point:

55, 8B, EC, 83, C4, F0, B8, F0, 1B, 41, 00, E8, C1, CE, FF, FF, 00, 75, 44, 8B, C3, E8, 35, FF, FF, FF, EB, 3B, 8B, 0A, 8B, 72, 04, 03, CE, 8B, F8, 03, 7B, 0C, 3B, CF, 75, 05, 29, 73, 0C, EB, 26, 8B, 0A, 03, 4A, 04, 89, 0C, 24, 2B, F9, 89, 7C, 24, 04, 8B, 12, 2B, D0, 89, 53, 0C, 8B, D4, 8B, C3, E8, D0, FE, FF, FF, 84, C0, 75, 04, 33, C0, EB, 0C, B0, 01, EB, 08, 8B, 1B, 3B, FB, 75, 85, 33, C0, 59, 5A, 5D, 5F, 5E, 5B, C3, 90, 53, 56, 57, 8B, DA, 8B, F0, 81, FE, 00, 00, 10, 00, 7D, 07, BE, 00, 00, 10, 00, EB... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

841 KB (861,184 bytes)

The file winrar.exe has been seen being distributed by the following URL.

http://cdnus.ironcdn.com/.../Winrar.exe

Remove winrar.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.