WinRAR.exe

WinRAR

Alexander Roshal

WinRAR provides full RAR and ZIP file support and can decompress CAB, GZIP, ACE and other archive formats. The executable WinRAR.exe has been detected as malware by 40 anti-virus scanners.
Publisher:
Alexander Roshal

Product:
WinRAR

Description:
WinRAR archiver

Version:
5.21.0

MD5:
69547b7c25b2aaaa6504b762dff93785

SHA-1:
a83a94093c1aa1e10ec9ffa17f529ba4a5286432

SHA-256:
1787cd3ce76484e89ad9fd58d9125d8758275888c4e1f92b2b5a400e4af78114

Scanner detections:
40 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/19/2024 4:37:54 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Jeefo.B | 5754433 |
| Agnitum Outpost | Win32.Hidrag | 7.1.1 |
| AhnLab V3 Security | Win32/Hidrag | 2015.07.08 |
| Avira AntiVirus | W32/Jeefo.A | 8.3.1.6 |
| Arcabit | Win32.Jeefo.B | 1.0.0.425 |
| avast! | Win32:Gardih | 150602-1 |
| AVG | Win32/Hidrag.A | 2015.0.4355 |
| Baidu Antivirus | Virus.Win32.Jeefo.$40 | 4.0.3.1577 |
| Bitdefender | Win32.Jeefo.B | 1.0.20.940 |
| Bkav FE | W32.SplitFileLTB.PE | 1.3.0.6979 |
| Clam AntiVirus | W32.Jeefo-3 | 0.98/20656 |
| Comodo Security | Win32.Jeefo.A | 22692 |
| Dr.Web | Win32.HLLP.Jeefo.36352 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Jeefo | 10.0.0.5366 |
| ESET NOD32 | Win32/Jeefo.A virus | 7.0.302.0 |
| Fortinet FortiGate | W32/Jeefo.A | 7/7/2015 |
| F-Prot | W32/Jeefo.A | 4.6.5.141 |
| F-Secure | Win32.Jeefo.B | 5.14.151 |
| G Data | Win32.Jeefo | 15.7.25 |
| IKARUS anti.virus | Virus.Win32.Hidrag | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.205.16483 |
| Kaspersky | Virus.Win32.Hidrag | 15.0.0.543 |
| Malwarebytes | Virus.Jeefo | v2015.07.07.01 |
| McAfee | Virus.W32/Jeefo.e | 17.6.569.0 |
| Microsoft Security Essentials | | 1.1.11804.0 |
| MicroWorld eScan | Win32.Jeefo.B | 16.0.0.564 |
| NANO AntiVirus | Virus.Win32.Hidrag.clfcen | 0.30.24.2487 |
| Norman | Win32.Jeefo.B | 07.07.2015 03:10:29 |
| nProtect | Virus/W32.Hidrag | 15.07.07.01 |
| Panda Antivirus | Generic Malware | 15.07.07.01 |
| Quick Heal | W32.Jeefo.A | 7.15.14.00 |
| Rising Antivirus | PE:Win32.HiDrag.a!1173742080 | 23.00.65.15705 |
| Sophos | Virus 'W32/Jeefo-A' | 5.15 |
| Total Defense | Win32/Jeefo.A | 37.1.62.1 |
| Trend Micro House Call | PE_JEEFO.E | 7.2.188 |
| Trend Micro | PE_JEEFO.E | 10.465.07 |
| Vba32 AntiVirus | Virus.Jeefo | 3.12.26.4 |
| VIPRE Antivirus | Threat.55332 | 40786 |
| ViRobot | Win32.Hidrag[h] | 2014.3.20.0 |
| Zillya! Antivirus | Virus.Jeefo.Win32.1 | 2.0.0.2272 |

File size:
1.4 MB (1,443,792 bytes)

Product version:
5.21.0

Copyright:
Copyright © Alexander Roshal 1993-2015

Original file name:
WinRAR.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\winrar\winrar.exe

File PE Metadata
Compilation timestamp:
8/24/2001 12:00:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.55

CTPH (ssdeep):
24576:Aa3nMMMMMM0qXyvhxVvZ4MZf9yCBRwhBsOsbXp4fENO5nhsSkENMA+8W:FMMMMMMoxDruQ5dUhVkvADW

Entry address:
0x11F0

Entry point:
55, 89, E5, 83, EC, 08, 83, C4, F4, 6A, 02, A1, C8, B2, 40, 00, FF, D0, E8, 79, FF, FF, FF, C9, C3, 00, 00, 00, 00, 00, 00, 00, 49, 6A, 65, 65, 66, 6F, 21, 45, 73, 62, 68, 70, 6F, 21, 77, 6A, 73, 76, 74, 2F, 21, 43, 70, 73, 6F, 21, 6A, 6F, 21, 62, 21, 75, 73, 70, 71, 6A, 64, 62, 6D, 21, 74, 78, 62, 6E, 71, 2F, 00, 5C, 00, 20, 00, 22, 00, 8D, 76, 00, 55, 89, E5, 8B, 4D, 08, 8B, 55, 0C, 31, C0, 39, D0, 73, 08, 00, 04, 08, 40, 39, D0, 72, F8, C9, C3, 8D, 76, 00, 55, 89, E5, 8B, 4D, 08, 8B, 55, 0C, 31, C0, 39...
 
Packer / compiler:
Video-Lan-Client

Code size:
32.5 KB (33,280 bytes)

Shell Open Command
Open type:
WinRAR

Command:
"C:\Program Files\winrar\winrar.exe" "%1"

