rpc420_setup.exe

RAR Password Cracker

dnSoft Research Group

The application rpc420_setup.exe, “Recovery of lost RAR/WinRAR passwords” has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from lb.cdn.m6web.fr and multiple other hosts.
Publisher:
dnSoft Research Group

Product:
RAR Password Cracker

Description:
Recovery of lost RAR/WinRAR passwords

Version:
4.20.0.0

MD5:
44449b4f09dfec05b0295f76a3044793

SHA-1:
eee472d967dc7cc58da4b26d0cc0f465a74e2e0f

SHA-256:
e943bb1bac377469a8b9895ab372964d30c1018ceef25cb45bb93a8b788fa2b7

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:00:49 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Malware-gen
2014.9-140926

Baidu Antivirus
PUA.Win32.DownWare
4.0.3.14926

ESET NOD32
Win32/DownWare
8.10469

File size:
379 KB (388,129 bytes)

Copyright:
Copyright © 2014 Dmitry Nikitin

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\rpc420_setup.exe

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:4s4SuULVfKRxc3urQ1a53iyPZVyRgH8/Wd9E/TFOUqn8epYp174gNhsyZ/5jC5Pc:4S/VfOc3b1a53bxV0U8/Wdi/TFZze2zB

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9246

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file rpc420_setup.exe has been seen being distributed by the following 50 URLs.

http://lb.cdn.m6web.fr/d/c/a/2b27d5bb5d2c848da5692019a2f21448/54d7c79b/soft/.../rar-password-cracker_4-20_en_171956.exe

http://dw.uptodown.com/dwn/d46CwyRlVpBp3ttXZ-p7VzAIvMoezYgHnRYFZOhcJhSmhlyMUqYm9M2GxRp_rVjk8CzPvddM54LNxnceOxVjdBME9eQsF-2G_eeU191fH2OhqBQfW518qomx_n45CJlD/IwoIFbXF6xxmrPzv9WRkyNrMq0rDNCZe-7jzp-6K0yABeBGPyR3eGFYhix3PWIaLZ3ZLHW6zwYEKAT8gMTWSRRXeSATN73VgiNnAfSLR3d3HqGbEUlH1Kbz4LYj0snDs/SLUIrKMNJFiEyWQcvwGWt247YrKZmp4DSiW5z3BVxzGyHImtlGy8epxM9ZEQ6JyNet86M3_blXjcNdbyxDyQjBEoPbt7gwm3M0jMcu25TchD0cB3Ul3Ke_-xyRfr-mgt/.../

http://dw.uptodown.com/dwn/cBJvjM1dHvkKcMNiS2MMYOM25OIQ9wED7O3ZMy6AQDHOfg5Y0BPlpvpH-a9VnlRqqVfqSM6ySt14esNBuYauO-iB_nmfHZ15gwCtPhvTBaOewLGP33he9GI-SlejyDfw/llxon7LKjbf7o2cTt8FvVI4vzkQn9jyHWl1dRT-dHX0RMnFvsNrFy0v6LO011ZMy0kJ0BuycYoVnzDR2fIOHVhRPicQvmrg0jMmvwJgLZ0qftTmSW3IuL42ELlKhyZFX/o5ye5J5y3c53AOAsbp5zDcQdzpH1rmc_DhWFGTyYJYNb86sIDfdO9dSAoYWnZlrSIqRzfswPUGgbPdwNlHoaLvrQGxJzQFk7-2pbsN9F02ujJTNk6YNBRgG7fn5w8D8z/.../

http://lb.cdn.m6web.fr/d/c/a/76748988f49dd54c50e72b0e50df0946/581565ac/soft/.../rar-password-cracker_4-20_en_171956.exe

http://lb.cdn.m6web.fr/d/c/a/f8f0a8107522c0dae3350f9dac1c6cee/57e39a31/soft/.../rar-password-cracker_4-20_en_171956.exe

http://lb.cdn.m6web.fr/d/c/a/eb1b02ca2dcab1405a6d5b7875688d61/58405531/soft/.../rar-password-cracker_4-20_en_171956.exe

http://dw.uptodown.com/dwn/mNANbWQu4xYpCt66pab7fu6flaM5K2iZvdySNpjWCxo1c4Gf2nk-MgvSsOzwBGtnKMtZ7bsODwl8YGPyEwdQto3c8-na9U79esv0v47NggJ8GLHOsQNtrWkiHfmIo95j/FqVV7apZfcKIRVAd2pZkTpyfyaz6CciSCDfDlniuNQRDzFC9PR23-pBb34099PUjUYQl1nT0u06SI0gkgrV5_AsYEIIgKbeEKg5IizEPDYlnNoAdX0UMfN2aEwC3bJov/i6JAo4hh_UB1T_6OejRRLejOhA1nKtyWCqkQeMtmdVKOg-dyvjSWwaBQFNejnumtiCd7nCLYNIQWkYbW54NKO-3fxfEwBIIGz-T7rswTDaXcQmMeyBJUka0Gc48Ex0jX/.../

http://dw.uptodown.com/dwn/zHADVrc0yG-PfQ9VJbXBYVddYNfv8oh88ddP0T0Ho5uNTCuzczM_gLOUH_RXJNNRcPxbd-KOU0iSr-A2Ejl3jQdwEfv7uR9rwZaSi07diUvNJUzhGptmI8zv5tIUJqEO/6bj7wo6nKWvdm-L0L3ELNT4HfKnicJjRwW7Nr9M2go647OF5ZW9PvLdAXw-bHDUbRmv6dxnfqxxpA2A4lZx4XH6k6JVAzQ8T7u_7m8IixM31A4Q_tliBZ2O25tGEYllU/jOHYlDaOZAIYs4fu05QR0QNz6VKqpAPFjjjS7JsP9X7YTCaqwpDFaMnrsPG8ReISbCSVdPbpZnznbNgBMJbd55HcmgK2-0F7Doe02Wk3XJi_gFZX7ttgASQbqmC8pRNv/.../

http://lb.cdn.m6web.fr/d/c/a/ab60ca33e34fdaac7f386ef2aa02d333/57e7e706/soft/.../rar-password-cracker_4-20_en_171956.exe

https://dw.uptodown.com/dwn/c6r7MZblWNCouwL4WWi-5iWk-T0221CzifNHfPVFGkvqqQ0XhLAa7JDPPtSq1-6acTYsVSk0fOxV8engNN-TYN-UwVqMd-aJXmdTzTZvS9IHk2Ok_B8-DWgo52VowINs/lIAc_J4yqpJlFtUrd-h386UOD8M3FGeNrwRsyhZp0vTXKSyOv9zzgGtOjByaUvB1hqj9kzOlFqMZO_zJZPF06XKyV4Bf1RirJ2aoJwK-_8aK62VnxC9-vLx6EEVskptQ/taTuoJv09AJQi0f6JiEkx2n3ndsSW05m1AC4RHGCipx67MtlkYoszcpDzfkDPyhPqODgvMsVzpq7lFwl2XRa7F2QS2q29BQEYidWusBAR-onLinuOZmGPVeBuBibHVQh/.../

https://dw.uptodown.com/dwn/RwDOD_ua-IsjPSVl7XwBwm1J2o8RAjZ1Lkjze6-HPLRzx4Dx2_y4OSO6KSUcaF1XGvSuDWYCfrr5RkeCNAigeFnSwuB3mMEJLEPKQfREECnCB9F6MTpAD-srOicbO9RB/BFJzdFK0SgSeejPStsx3y7HX8y8HhkUYNPb2tOJQubbpo6dJA3NQAeCfNTgLB1a0_FN9_c4z5q2GTR-wBZgY2J3m0mifD7ypbgDVyuujZFoXGi8mtaq0TI4a4XUBjCoc/XtsdikyT-W3l_vQ3loGD0AGmWl5rvpnk0tM-pkhSl8nxcXCtmnxtPnOlcBKUNcKu2d1isrm2Qd30LjJ6BHZqiW5P86Kf5sGlE544hH9TnFCeh_vo_3NC66APtPzUbWNH/.../

https://dw.uptodown.com/dwn/7Ftw4Ke7DYH5kSu_-_X1UDXK7I_duKw33ix6p2_huWPXe7O9wTQ-G5Pn6ZjIzK-rpfo36odfNswXTd-YmGr2vKcjvYgMxz8aRJU2VKlc24UFTHxJA8Iq-tgvffhuFSpC/7zFNj59blnOa7oSHQJ4KLcUfofIBdpR9ql199IFb83sYQmmOO6xOISUO8Uzg3tvD9J76NOAexT5lueZsH29ee-O6iXi7IGDv059A8yYTDamcDvYVsHL0ozfqiyrzNsLs/74fMQ6kUkl3AAc_XEQLb9bjE6TkhTXOx3O7tz64EU4m14HkJdc2EYPGcuX4UUXlLdEbQF1gKwo1DvtbKGvCivg67-rsP5zg2gaeL05MWA-4sJfcqtTTskf-VX80uuQrJ/.../

http://dw.uptodown.com/dwn/7py4gENjgrqZcW7eJSvHJL7pc2XHMxfNkl1DI6S-MWndBp5ohy-3l9oaHiXaRN3cOdz3sGkC8ZC6Vdak3xW_tVyJOBo6UH_WoFe3EdbKoPmIP5vaCkuG6kSJlBsbDAte/rLYzRhIooHQpU8_eWVEvMi-MOpmrDrezK5cYdK2XLtkrO2DMXaKOubuTRPPP1s3U6zvIQsQ9kgZPd7x6bNzpvWMbj6HJB5XMvzztCkGsLz4Rf1Hftt2fasUlUz7cNK8z/pC3IzjwSlcGHJengO-rkYPrMaj32JgfvSh0xPb8jOc00je3sXyDtMJB4yYXmdbHWF0Yh6ikWV7KFVoHy11oW4a3WMLBTd_N2XlYhYrR1afaZ-tdjOpbEzL1rQ3g81TE9/.../

https://dw.uptodown.com/dwn/462ja4PpdzXMdzzz0YfRykIMDmVMJkKalhZ_VfIhzP5j0jdBLQ0dqRRuU50uchb97AgVcH1nENl40VhKqv_AymezCbCKtTF-oWchSxl1NEGcLbK1TMNVyttKA3HfPkNb/KqdAeOvXGrNU8MCu1_l5bfMCJ5BRC6le4G1dswFKnjrAmHeeuAmNPcUAmhrEj6G7gYnTOViwOJlAYxbtiaJ0JWp0YREV1pdglxpRXZ15xenNhJFPc_DcJkT4dgV8NHwj/RlreZs27UOWeB7WoWOmXJM_SNbaQ9kOq9paxEKn12o2Q2eLVC4Yhej-zQHt_WRjBYKN715o_zvgZCaUO8wSo0UZqZx1UhZhpDaS_u_ZeaqS-5m_9DiEeLUw-26l3las7/.../

http://dw.uptodown.com/dl/1440287154/.../rar-password-cracker-4-20-en-win.exe

http://lb.cdn.m6web.fr/d/c/a/224be19d12173a050171172115a005d6/57dc6422/soft/.../rar-password-cracker_4-20_en_171956.exe

https://dw.uptodown.com/dwn/zCZ8MpDl2oFVMWaGQ0KiTAX2hcInxFnaihj3d5af-zzZZVyUfuIMEX885PadcaWv28ji7fRdPmhzQtFn0ueCJEqj-WC1cTM69ywFYiQQ_hXGc9hliEmSFcNILwth-aZq/El2iI2XqHuIP0ucvzbUdMq43cSCLZqWGvFaQd9lCppfyNEbbzSWP3TpMt1bpdUS2ZX45pVQ_HweFeGTVOEU78xeiPhBzRx2JfjV3HwzUDTZaMn-4X_WWiAZKk5WeMZwE/QaY_wU-Vqft5zemB81lVSrLBrl5HlFl38Qo0Ylyyxzz1xfQCdLmlowb4t5sBxZiB6ANzGY0j-ucIJjjMxuJJpTZiNbF2ybV4uV94mo1rdJCJi0FWvezTQT1GWkSyDi6F/.../

https://dw3.uptodown.com/dwn/m9n8PbsjsfV-q8QpwkDnmsNakyOouDYlrP__OYBFShA_sJYARCU_wHwJh4B_m5zHg2bU47JFNNBZ91jAxA1U_3VOzJviMVV03yUDYWAGobdONcBdgjGRMrzFOq8rcljn/JUQTBpCi2MRxsY3v4VT-7NhCmVNHkPGoeSr5UnxgTJQvkkFD2nMvNsDARRFxUcef9AfdtzfT_7SvnD0DUbKlD3UnExAQQOjh39tR4rA7xkfpKZAPBpzSqK98x_7ZLuZ9/oPG551TYu0S_0DKl89g9OuH7x2O7InvjjxLaJ7LUkrsM_6Vtk-z2txIqScu_YyW9l0L73_1dLtA44PAtYAgDiYx2_zSiMv5EcYhy7G3RZAt9FMmiXVVZKM5gCdA9DW1C/.../rar-password-cracker-4-20-en-win.exe

https://dw.uptodown.com/dwn/2ZWEJurI4aOlu6i7qTIfULZe1FpMBxyrgo1mBXJ4IhzaN0rHeC2v6lkaeBd95-3fvepBIXgGnOAMpVT2VBXTkPF0Ni5EHBnDiJVSeM1tVeks0fW6dEg_CJtHzoy5llUn/aOXB9wpoEF_mzQTupFQwe9PRi0L5TMkj8WQiTfwbk6jXEJI9mx0bRwGN7KBXmpytQvTPesPBRZwraFvtha1EvfOdQfFn8x2Sd-x76rBcCQiAy48QHqnmb2uNqaezRtLM/qTelCGuplpPiONVP5PRFya9ttUwzjkrgyf8-cI9nLbxnfoqZTSQT3RUDxMs0OG0ePq2VjkDqovAbhFWQ3GgUlko19J8d0iNxbwFe_cLKXEyahgwMDeuWd70UrP2UGcyk/.../

http://lb.cdn.m6web.fr/d/c/a/40b3b186866095577a932522bc9975bb/584c2af3/soft/.../rar-password-cracker_4-20_en_171956.exe

http://dw5.uptodown.com/dw/1443212353/.../rar-password-cracker-4-20-en-win.exe

https://dw.uptodown.com/dwn/VzecXK3TnErF8TzWOQgU_oj72gM5_UqtS-R_5wnGV647hzQARi0qZyKchXKOhuoWxOtzBepmPSECOhRgA0gfmS5LYT6kNhx-AuIT_uJnihoMptQEZWrwrGRfXXLefBIc/9N9FM0BjLmGFEYT_eWUf8rz501AubOotHCiZDsjRk4PhToJNdkhK3PApjo26eZINE7JkkSznzYAYFCcFFYp47pUOaTa1kmAQsJUi7DVPW6l_46ytCNCbQfiQts-GZciJ/RObxMxgwOFJMkZJ1yftuYRjL9C-8z0iRTd4ezKaE1g3_1PrtheE2FTxJ_NNh5phIV5CfbbuXNBp3dLjQdk0j8NmD0tccxLga0Vfwk-JhYn1Xbc_3xy73neC6JZFOGEmG/.../

http://dw.uptodown.com/dwn/t6QpD0qrFFOVOQ0_y9lqzjYLIgOdh5joFsvFvjapj8ve_rAF7ILT0Tl5RmaXuw9p_hm49fYP_vQnZAwhDxlWLj5hSamNzMG62A6h6_zO0ZV7O-BxNuvpM6G1ca-xb9lw/EGsTcOfiR6eIRWF0nFRXVAGVsKsmTV2Nsrv-553Njf8g7drTURcCZgxcJliGDbHCcVGCKC-v4v4f6em5pvNcs81Nmxfx89NDvH3T67Wwg1gpT4HquMwsCpffM_6UsSvZ/52nQfyG2OAooqo0EKkXfZADd-FL7tklahhLGQh69OW8JraddyVtb7P3aU3JsnoVAgS9z6nYxFtCMaXPQuBmCwHIVVd5pStPRDVoOiZzEeSVG64YzOmtQpvjxGHuLrt0w/.../

https://dw.uptodown.com/dwn/XkkqC2FIeRP848KckVJT5me36eh2eqzmwzEvXtNELTXfed8U1cyjTkD9FNXmrNjcCMslJz_QKRX9PCDZtZoWiJgyTvL462Si1MSsZtMt6iA1R5mrHw65TZsB0f4D52MV/lHPEwCl5yupkivUlwI0Y0fMmol7lFAeToyhld-l1dQGsNOH_AJHNCtIZMhqgKbRKXRBmoplYj7Sgg2y0u0RziQG0GlGLppkZTaAczTBusxZomBcyPuhnkNoviityXmDi/T5qRnGCACgF_5CWg_7Uu63UBRVoV_sjxtcJ6NU-2otw9eyJAXLLFcXuu9nHKKuxAFerlUnry-yeeB5GyCJZ5c8DMDW0h9GbeQgDSgPFVPlMMtmQdHyyY26v7HERBDiNc/.../

https://dw.uptodown.com/dwn/8TYNTuy3W-JuH07UsqGxbTe5vyluh0XtqQ3MMpnJ6VuMkKICwrRSEF0IrBvTU00VEKpLicgzanCFgJyIo0U1OwQax02D-3JrNcH3fYWprCrt2RgBDkolbcUpxRKsLhFS/frofSoBnLZxBiZvpytY7bmx2pxXh_yUIMwg_BX6gHfpdrqCnQ0ShCH8PesSFxj7K_FI_443f0szJ_btYWFCiIHwFJd77dpREmSRIkszAZT3LYyOdY1Wb4iHvaiYB2Bb_/HmcEgabp-KNU1jd_6BR-yaQ6Hb3sKnl09FDIe2lvEKYej7RTiDh3b6ARgXdu2qB0fu3IVYx01UetqY051mWfg3OavMHuncd-yU6ogoM3w-OQgEW0baK0WQGB50Yb-GeA/.../

http://dw.uptodown.com/dl/1422118566/.../rar-password-cracker-4-20-en-win.exe

https://dw.uptodown.com/dwn/xV22zlHX1Ze0PBPJi7qLLiZ5oiIfw6mrtbDACCPGso35-Z7hvGwRL97SobmCiJF9o5_YEcr5fQGY0083UGb6iEpweIV2ooUidNvNR3CaxeGN4TT6nJybKDx5tKGL-pqA/aXKjLkGoQ3uLuM2jeePeXJHzP1Zv5SSwHdHSiUp49Id-9ED92GkD9Cbg8lBNU2MjXklmq8X800rrmssFS3rvlBYhmWLcpyv8_wf7cTPNT4z9RUXnyKYwc5Lhb7yBglPj/golgE3o5aIA2tMEj77lxPT5CJQ7yJH6o-33HGGZ9RVEwvsMtb6QkZTCp3EmSVgs2VWBtVDcx5Qc1d6fZnqrkaMr8LGjtCzFGcT_IqP8eXFyCYKmXKdMO9HC2vb0EBPb6/.../

http://dw.uptodown.com/dwn/k3hx_Hy4_hpm__oCpfx7fdGxVExzXHVSZOHTkchtqeMsB35NDnxQNPJNpst0A_EYGJ-tf9Rt6WeItfX4repglTw7qjLU23XjFIruB8O5QsV38djBrJTG_czE3cN0RXcU/kSO8m6gE1dpreuOlqvti4tY7RdVWlv4Go2E6As3imQr_812NlUO_9UFFXtekW7E74p7kpXB3KZ3rJ1sN6gYuMW_jnCVYly6XSbvv9K4IuiFB8gXUsS6ZdJAACeBW2mWf/MU3vC_PSwZmeBd5QE99t-SxV8f-6o6N9I-g6mQCW2UcN8T7FbdB3biZ5Q6MO3Pevtjyzbny0yLbhS2_7_6-HLLlOI4_5jSj2neoVVqhiEvaPrZgq1hFXkpk36cBXSePo/.../

http://dw.uptodown.com/dwn/x3wLT8A1hbHw-b2jbcO_FIS_wnYxFa_BCPYr9eXlXup3WHdmF_6Ge8vaOmY_qxTj6aYaBiAp-loQhL6pOUDUWdeW50dhadnF0QbP7tKitrRbKxToYxf_wmTbjODr1qAP/dyZJCDgBK6se02ICSpCVmtKYy1HOA4qAyH3dDDxngtvnkJ4e8pprYB4DvsXLj6nFtFdRKxdQkjTlnbwldyEH2sUzkRjB8JvcZN2XcTMiLQ6yt4oVwi5YFsu_dNzoxSKq/OGAF3O2xnZvERNzx83x3InurvUHPn3MD08E6sUJ-vyIW5AvCwn15ogYZpoqxKMkHbyvqsjk2mtYyTcXLxLyTBU6D5FLqQO1xxv5D_WvVJWaEQTSOWRKxI1V9H0tESrbP/.../

http://lb.cdn.m6web.fr/d/c/a/9927763c836792a22a310b586d68a7ff/57321638/soft/.../rar-password-cracker_4-20_en_171956.exe

Latest 30 of 71 download URLs

Remove rpc420_setup.exe - Powered by Reason Core Security