rar-password-recovery.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from lb.cdn.m6web.fr and multiple other hosts.
MD5:
261207564b090f9709f768d2025ad78c

SHA-1:
d3fa315ca591d39665a07b7fd703aa044638d995

SHA-256:
a32c34e09eebf02b66f5ea32a82a3fad4979067f9d188556d34b8a3f820016aa

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/23/2024 8:05:57 AM UTC  (today)

Scan engine              Detection                                    Engine version
Emsisoft Anti-Malware    Gen:Trojan.Heur.2mLdr51wAXjby                8.13.12.24.06
IKARUS anti.virus        not-a-virus.PSWTool.rar-password-recovery    t3scan.2.2.29
MicroWorld eScan         not-a-virus.PSWTool.rar-password-recovery    14.0.0.1074

File size:
731.8 KB (749,404 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\rar-password-recovery.exe

File PE Metadata
Compilation timestamp:
7/1/2006 7:05:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:B7dvePLhs1NfKziRTJiSO4ks3eLYrU6bkL44Ycj51RZQCSKDnMpMq:B7dv4hsjfKz6TKrbkU6IL44X51k9SMp3

Entry address:
0x3166

Entry point:
81, EC, 7C, 01, 00, 00, 53, 55, 56, 33, F6, 57, 89, 74, 24, 18, BD, 40, 92, 40, 00, C6, 44, 24, 10, 20, FF, 15, 30, 70, 40, 00, 56, FF, 15, 70, 72, 40, 00, A3, D0, F4, 42, 00, 56, 8D, 44, 24, 30, 68, 60, 01, 00, 00, 50, 56, 68, 60, 98, 42, 00, FF, 15, 58, 71, 40, 00, 68, 30, 92, 40, 00, 68, 20, EC, 42, 00, E8, 23, 28, 00, 00, BB, 00, 64, 43, 00, 53, 68, 00, 04, 00, 00, FF, 15, B4, 70, 40, 00, E8, 64, FF, FF, FF, 85, C0, 75, 24, 68, FB, 03, 00, 00, 53, FF, 15, B0, 70, 40, 00, 68, 28, 92, 40, 00, 53, E8, 0E...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file rar-password-recovery.exe has been seen being distributed by the following 40 URLs.

