» winrar.exe
Overview
Analysis
File Details
Downloads (1)

winrar.exe

Kusuberoh

Sivensys SRL

The executable winrar.exe, “Kusuberoh Setup ” has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.applicationsdeliveryupdate.com.

File name:

winrar.exe

Publisher:

Sivensys SRL (signed and verified)

Product:

Kusuberoh

Description:

Kusuberoh Setup

MD5:

04b3f6020042c8c4f39d1eab797d75b7

SHA-1:

7b0c70d27e1c736e5847448d012b053bdfe3b00a

SHA-256:

50e94f4ab55de3ae3ccabc92262be9d322724f8963f5286bd70a5147ae3de398

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

4/24/2024 10:50:03 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

17.3.16.12

File size:

1.3 MB (1,377,144 bytes)

Product version:

5.8

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\winrar.exe

Digital Signature

Signed by:

Sivensys SRL

Authority:

GlobalSign nv-sa

Valid from:

10/20/2016 3:04:57 AM

Valid to:

10/21/2017 3:04:57 AM

Subject:

CN=Sivensys SRL, O=Sivensys SRL, L=IASI, C=RO

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:

0D38E905F0B0BA5733036DFB

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9868

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file winrar.exe has been seen being distributed by the following URL.

http://www.applicationsdeliveryupdate.com/GXPBzlgZcNaDlrypt9vD3c_VDjWEl1KdJRatAz5hrgOZ2_RumAAXlOR9gjVN6hcHNJN o3CFfT_RvHa_9kdanp1DxkSB8 q3fib7HA501471V3PAamMKfGt1Wsxo3f6cuWVR2VC9PIpfP33CX_WwLCyQiufHAPYJCjo8ddmhcA1msdJl21fsGBSkwJzwo0YKLApmJRb5qZs9_BmS8WAFSk8etVKODAfTR2DWycgJz8_7SadzKE05dOXcxb2 UBJsuJR4KhlCdGBJV8XhloKZb1E1S4JQ4TmYGA1rtXpVNX8K53uNnr_da_pdr4jSKu_gmgNNm330epdR0i_kdesH0Pou2cx2t9ZkXjMQOdJonlJeHnXauNJk2fZ8QtdbKrx4IoIYcJzNH5sDWYqGmZmYMDHkciG_5ajVCFvYGMRrKnAS_wEOVC5xAAL FRWFpyd4fwbrcMMVsdXZvBWdfZqpCO8uMrbO4 wx3FfzLA8bhbj6d097X5QgGnjq8Z0KA6R so2ILrfRfnkuF2ry675qVxn6fz90z1TsUNBg6H41d6RPR9gzVkBjSCzfVo9wPUWzpcoy7JT1YgmQo2Ih8MJtHkAKz5navj3otoPtZ8BGvPccjfuzd3KljMYip_C47eSlseCKe3ShACQ719GTyIGUF5OI7jShZQ==-G0YAAORtm08NC7qN62lGQ6hRBAqVB1z0SyEsJTLBxtiZEkVuuB8lagybpV8rBN7rH0uQQrTpRMrIAevcUqQliAT6FA==

Remove winrar.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.