» wrar520.exe
Overview
Analysis
File Details
Downloads (134)

wrar520.exe

win.rar GmbH

This is a setup program which is used to install the application. The file has been seen being downloaded from api2.tenlua.vn and multiple other hosts.

File name:

wrar520.exe

Publisher:

win.rar GmbH (signed and verified)

MD5:

e426d0477a4190992bd4fada4c5ed194

SHA-1:

ab58e05a4f35bb450eb3ec5310e979f187d4dc94

SHA-256:

8478951144762aa7ad33358da820fe4cf46542ac1cb9e3956b5c064d3dfc3d41

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 10:08:49 PM UTC (today)

File size:

1.7 MB (1,766,368 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\programs\wrar520.exe

Digital Signature

Signed by:

win.rar GmbH

Authority:

COMODO CA Limited

Valid from:

6/12/2013 6:00:00 PM

Valid to:

6/13/2015 5:59:59 PM

Subject:

CN=win.rar GmbH, O=win.rar GmbH, STREET=Schumannstr. 17, L=Berlin, S=Berlin, PostalCode=10117, C=DE

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

75953FA54DD12DD9CA6B948C17BFD67C

File PE Metadata

Compilation timestamp:

12/2/2014 3:07:41 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:GnV80BUk84f0wvv97jeg6t27gLYaPiCCrL/zemveioP6muisCE0hGagdCh+G8Zy9:oUktVH9N7gkaBG/zFeioPRCCE0QPw

Entry address:

0x1D00B

Entry point:

E8, 86, 63, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 82, FC, FF, FF, C7, 06, F8, A1, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, F8, A1, 42, 00, E9, 37, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, F8, A1, 42, 00, E8, 24, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 56, CA, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08... 
[+]

Entropy:

7.9534 (probably packed)

Code size:

160 KB (163,840 bytes)

The file wrar520.exe has been seen being distributed by the following 50 URLs.

http://api2.tenlua.vn/filemanager/builddownload/.../?hash=0728b676e0533a561571622261f022d9316eac94ab13aa4de1378c619c404d4b622079f8e76d2fb11522fef013731b514a2815ceade24f2e6b5ec24bef9fd982da9afc908e5eddf7f6263401e1128665c4128224ab571c6f8e1a30ca1f7f3cffff30bc211f085c9f90ffed795a2cc176bd76bb0100557021467770d883eff13ba19503222775f88f6f&url=0b3da36fa30172185e33316174fd75853636b390ad53eb4da0&down=0b3da36fa30172185e33316174fd75853636b390ad53fc55a0&jump_type=download&file=sinhvienit.net-wrar520.exe

https://d3.usercdn.com/d/.../wrar520_[x32].exe

http://www.filehippo.com/download/file/.../

http://l.facebook.com/l.php?u=http://www.win-rar.com/fileadmin/.../wrar520.exe&h=GAQEqCb7j&s=1

http://file.sinhvienit.net/download/f05e0a09/c4398e53656c0b3c00e39e352d249f24/2014/.../SinhVienIT.Net--wrar520.exe

http://filehippo.com/download/file/.../

http://dc390.4shared.com/download/.../wrar520.exe

https://doc-0s-bk-docs.googleusercontent.com/docs/securesc/pirejdajkgugr7b15fonmarp6tsftt88/sbsquigdlbdnolni7g9i8radjus9g361/1482868800000/00292899524071449422/.../0B5qPD8aUX7hVdnBPN1VPeV9KWW8?e=download

http://filehippo.com/download/file/.../

http://www.filefacts.com/.../5989

http://www.filehippo.com/download/file/.../

http://api2.tenlua.vn/filemanager/builddownload/.../?hash=5b71be71b50e6e0f5865637d66ac2ad12d6fe8d0af48a84ce73bca6799524c1c622079f8e76d2fb11522fef013731b514a2815ceade24f2e6b5ec24bef9fd982da9afc908e5eddf7f6263401e1128665c4128224ab571c6f8e1a30ca1f7f3cffff30bc211f085c9f90ffed795a2cc176bd76bb0100557021467770d883eff13ba19503222775f88f6f&url=0b3da36fa30172185e33316174fd75853636b390ad53eb4da0&down=0b3da36fa30172185e33316174fd75853636b390ad53fc55a0&jump_type=download&file=sinhvienit.net-wrar520.exe

http://filehippo.com/download/file/.../

http://freedownloadwinrar.net/.../MjAxNDEyMDd4eG9vX0YtdS1jLWtfR3h4b0Z4eG9vV2h0dHA6Ly93d3cucmFybGFiLmNvbS9yYXIvd3JhcjUyMC5leGU=

http://war-fun.com/winrar x86.exe

https://www.dropbox.com/pri/get/.../wrar520-X32Bits.exe

http://www.filehippo.com/download/file/.../

http://file.dl1.svit.vn/download/f05e0a09/0320fe3bfd0e940d6b1cbb64f8b2823c/2014/.../SinhVienIT.Net--wrar520.exe

https://www.winrar.es/.../37?PHPSESSID=578bfc7cf277ac7d5567b50b4f4da036

https://userscloud.com/dqxuci7s5cet

http://filehippo.com/download/file/.../

http://113.171.224.214/.../wrar520.exe

http://www.filehippo.com/download/file/.../

http://filehippo.com/download/file/.../

http://ec.ccm2.net/br.ccm.net/download/.../wrar520.exe

http://fs40.filehippo.com/2150/.../wrar520.exe

http://api2.tenlua.vn/filemanager/builddownload/.../?hash=502db12fbb0c2e0f5964663c6bf923807531f192f644a10bbd6bcd6ac9551111622079f8e76d2fb11522fef013731b514a2815ceade24f2e6b5ec24bef9fd982da9afc908e5eddf7f6263401e1128665c4128224ab571c6f8e1a30ca1f7f3cffff30bc211f085c9f90ffed795a2cc176bd76bb0100557021467770d883eff13ba19503222775f88f6f&url=0b3da36fa30172185e33316174fd75853636b390ad53eb4da0&down=0b3da36fa30172185e33316174fd75853636b390ad53fc55a0&jump_type=download&file=sinhvienit.net-wrar520.exe

Latest 30 of 134 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.