home

wrar290.exe

The executable wrar290.exe has been detected as malware by 9 anti-virus scanners. This is a setup program which is used to install the application. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.gameszone.ro.
MD5:
3cdeaaf3a3a9aaf5540c146735a9a4d9

SHA-1:
b682af3154789caf95bc27662e9e88cb1276158c

SHA-256:
2c72e9b2e563b986f38753dd1a69e5e166fe6f98e034945788f399628a1b508b

Scanner detections:
9 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
5/16/2024 2:25:57 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:SaliCode
160327-1

AVG
Win32/Sality
2015.0.4545

Emsisoft Anti-Malware
Win32.Sality
11.5.0.6191

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Sality.gen2
4.6.5.141

F-Secure
Win32.Sality.3
5.15.96

Kaspersky
Virus.Win32.Sality
15.0.0.562

McAfee
Virus.W32/Sality.gen.z
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.217.869.0

File size:
771.3 KB (789,763 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
8/4/2001 1:37:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
12288:LqCTF1vnunVurRu7bp2DUOfyGOv4DihXqELcdXQuBYjahoGr2Id:3xZuVulUV3n4O6EZCYjSoi

Entry address:
0x1000

Entry point:
8A, C8, 45, 68, A0, 8F, A8, 00, 52, 4A, C7, C6, 25, C9, E4, 30, FE, C8, 84, FF, FE, CA, B4, 2F, 0F, AF, FA, 77, 07, B8, 25, 98, 83, 6E, 13, DA, 80, E2, 58, 8B, F2, 87, FB, E8, 00, 00, 00, 00, 5E, 22, EF, 69, D7, 58, D7, 50, C5, 80, F6, 28, 0F, B7, DE, 85, FF, 39, FF, 0F, AF, D9, 68, A2, 62, 01, 00, 87, CA, 23, FF, 42, 5D, F6, C1, D3, 81, C5, DC, 03, 00, 00, 80, E3, 0C, 2B, CA, 12, C8, 0F, C1, EE, C6, C1, B0, 81, EE, 1B, 06, 00, 00, 4A, 1C, 33, 86, D0, F7, C6, A2, 0C, 4B, 8B, 0F, AF, D3, 8B, D5, 3C, 82, F2...
 
[+]

Entropy:
7.9591  (probably packed)

Code size:
24 KB (24,576 bytes)

The file wrar290.exe has been seen being distributed by the following URL.

http://www.gameszone.ro/.../wrar290.exe

Remove wrar290.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.