WinRAR.exe

WinRAR

Alexander Roshal

WinRAR provides full RAR and ZIP file support and can decompress CAB, GZIP, ACE and other archive formats. This copy of the executable WinRAR.exe has been detected as malware by 38 anti-virus scanners. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download.
Publisher:
Alexander Roshal

Product:
WinRAR

Description:
WinRAR archiver

Version:
4.1.0

MD5:
b78f9c223741adc1fd73d7089f45e0ed

SHA-1:
fa568aaef4940e6f9e18947b3cad251ff45cfbdc

SHA-256:
700167a222d349a52f78535155374fd0223de0dc9698f00e638c098c7ea9397e

Scanner detections:
38 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 4:20:06 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Sality.N | 886
Agnitum Outpost | Win32.Sality.AA | 7.1.1
AhnLab V3 Security | Win32/Sality.K | 2014.09.02
Avira AntiVirus | W32/Sality.S | 7.11.30.172
avast! | Win32:Sality-AM | 140813-1
AVG | Win32/Sality | 2014.0.4015
Baidu Antivirus | Virus.Win32.Sality.$s | 4.0.3.1492
Bitdefender | Win32.Sality.N | 1.0.20.1225
Bkav FE | W32.HfsAutoB | 1.3.0.4959
Clam AntiVirus | W32.Sality | 0.98/19318
Comodo Security | MalCrypt.Indus! | 19393
Dr.Web | Win32.Sector.28682 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Sality.N | 9.0.0.4324
ESET NOD32 | Win32/Sality.NAM virus | 7.0.302.0
Fortinet FortiGate | W32/Sality.AL | 9/2/2014
F-Prot | W32/Sality.AI | 4.6.5.141
F-Secure | Win32.Sality.N | 11.2014-02-09_3
G Data | Win32.Sality | 14.9.24
IKARUS anti.virus | P2P-Worm.Win32.Bacteraloh | t3scan.1.7.5.0
K7 AntiVirus | Virus | 13.183.13230
Kaspersky | Virus.Win32.Sality | 15.0.0.494
McAfee | W32/Sality.ac | 5600.7020
Microsoft Security Essentials | Threat.Undefined | 1.183.1287.0
MicroWorld eScan | Win32.Sality.N | 15.0.0.735
NANO AntiVirus | Virus.Win32.Sality.eqco | 0.28.2.61942
Norman | Stration.EFZ | 11.20140902
nProtect | Win32.Sality.N | 14.09.01.01
Panda Antivirus | W32/Sality.Y | 14.09.02.02
Qihoo 360 Security | Virus.Win32.Sality.F | 1.0.0.1015
Quick Heal | W32.Sality.K | 9.14.14.00
Rising Antivirus | PE:Win32.Sality.m!471630 | 23.00.65.14831
Sophos | W32/Sality-AD | 4.98
Total Defense | Win32/Sality.S | 37.0.11156
Trend Micro House Call | PE_SALITY.AL | 7.2.245
Trend Micro | PE_SALITY.AL | 10.465.02
Vba32 AntiVirus | Virus.Sality.309 | 3.12.26.3
VIPRE Antivirus | Threat.204212 | 32210
ViRobot | Win32.Sality.F | 2011.4.7.4223

File size:
1.1 MB (1,122,304 bytes)

Product version:
4.1.0

Copyright:
Copyright © Alexander Roshal 1993-2011

Original file name:
WinRAR.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\winrar\winrar.exe

File PE Metadata
Compilation timestamp:
5/28/2011 11:03:10 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:xdsuNOCN8loXWfgLYeuQaTjCdsyYYDsseHtHwKlK7MMMMMMRx0b:EuY28SUgLYos81MMMMMMcb

Entry address:
0xA90A9

Entry point:
60, E8, 00, 00, 00, 00, 33, C9, 8B, 2C, 24, 90, 81, C1, 00, 38, 00, 00, 81, ED, 06, 10, 40, 00, 9B, DB, E3, 68, 57, 5F, 0B, 00, 8D, 95, 00, 10, 40, 00, 90, 42, 4A, 03, 14, 24, 8B, FA, 90, 68, 46, 10, 40, 00, 55, DB, 04, 24, 8B, C7, DB, 44, 24, 04, DE, C1, DB, 1C, 24, 90, 8B, F2, 66, AD, 51, DB, 04, 24, 90, 90, DA, 8D, 7D, 10, 40, 00, 90, DB, 1C, 24, D1, E1, 90, 90, 29, 0C, 24, 33, 04, 24, 90, D1, E9, 90, 66, AB, 58, 49, 8B, C1, 74, 02, EB, D6, 90, 57, B8, FC, 6F, 00, 00, 29, 04, 24, 40, 48, C3, 3A, B1, 00...
Entropy:
6.4753

Packer / compiler:
ASPack v1.08.04

Code size:
737.5 KB (755,200 bytes)

Shell Open Command
Open type:
WinRAR

Command:
"C:\Program Files\winrar\winrar.exe" "%1"
Remove WinRAR.exe - Powered by Reason Core Security