wrar420.exe

think-cell Software GmbH

This is a setup program used to install the application. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘URLRedirectionBHO’. It also runs as a scheduled task under the Windows Task Scheduler named GoogleUpdateTaskMachineCore, triggered to execute each time a user logs on. The file has been seen being downloaded from www.conecptmegacenter.com and multiple other hosts.
Publisher:
think-cell Software GmbH  (signed and verified)

MD5:
d41d8cd98f00b204e9800998ecf8427e

SHA-1:
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA-256:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Scanner detections:
2 / 68

Status:
Clean  (2 false positive detections)
Whitelisted (by digital signature)

False Positives:
A number of engines detected this file but were erroneous detections (false positives).

Analysis date:
3/16/2017 12:06:12 AM UTC  (eight months ago)

Scan engine:
F-Secure

Detection:
Application:W32/Generic.70053c248f!Online

Engine version:
5.15.154

Scan engine:
Microsoft Security Essentials

Detection:
Worm:Win32/NeksMiner.A

Engine version:
1.237.1169.0

File size:
0 Bytes

File type:
Executable application (Win0 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wrar420.exe

Digital Signature
Subject:
CN=think-cell Software GmbH, OU=Software Development, O=think-cell Software GmbH, L=Berlin, S=Berlin, C=DE

Serial number:
4E757C8BDCFB726CA106DEA03E587808

Registration
CLSIDs:
{0B314611-2C19-4AB4-8513-A6EEA569D3C4}, {1EFB6596-857C-11D1-B16A-00C0F0283628}, {24B224E0-9545-4A2F-ABD5-86AA8A849385}, {2C247F23-8591-11D1-B16A-00C0F0283628}, {35053A22-8589-11D1-B16A-00C0F0283628}, {556C2772-F1AD-4DE1-8456-BD6E8F66113B}

ProgIDs:
MSComctlLib.TabStrip.2, MSComctlLib.ImageListCtrl.2, MSComctlLib.ProgCtrl.2, MSComctlLib.Toolbar.2, MSComctlLib.SBarCtrl.2, MSComctlLib.ListViewCtrl.2, MSComctlLib.TreeCtrl.2, MSComctlLib.ImageComboCtl.2, MSComctlLib.Slider.2

COM registered:
Yes

File PE Metadata
Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

2 Approved Shell Extensions
Name:
Web Sites

CLSID:
{B28AA736-876B-46DA-B3A8-84C5E30BA492}

Name:
Revo Uninstaller Pro Extension

CLSID:
{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}

CLSID name:
RUShellExt Class


Automation Object
CLSID:
{0B314611-2C19-4AB4-8513-A6EEA569D3C4}

CLSID name:
Microsoft Slider Control, version 6.0


2 Autoplay Handlers
Display name:
NeroAutoPlay7PlayAudioCD

Display name:
NeroAutoPlay7PlayDVD


Internet Explorer BHO
Display name:
URLRedirectionBHO

CLSID:
{B4F3A835-0E21-4959-BA22-42B3008E02FF}

CLSID name:
Office Document Cache Handler


2 Mozilla Extensions
Name:
DELETE FROM addon WHERE id='{03c4132f-ea97-4081-9f28-a047c52c4daa}'

Name:
temp.txt


PROTOCOLS Handler
Type of handler:
osf

CLSID:
{D924BDC6-C83A-4BD5-90D0-095128A113D1}

CLSID name:
Protocol Class


4 Scheduled Tasks
Task name:
GoogleUpdateTaskMachineCore

Trigger:
Logon (Runs on logon)

Task name:
GoogleUpdateTaskMachineUA

Trigger:
Daily (Runs daily at 07:55 AM)

Task name:
Dealply

Trigger:
Daily (Runs daily at 18:00)

Task name:
Funmoods

Trigger:
Daily (Runs daily at 13:25)


User Start Menu Item
Name:
CurseClientStartup.ccip


The file wrar420.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 21,403 download URLs