setup_winrar.exe

WinRar

The executable setup_winrar.exe, “WinRar Setup”, has been detected as malware by 22 anti-virus scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from dc385.4shared.com.

Publisher:
WinRar

Product:
WinRar

Description:
WinRar Setup

MD5:
5d8b9844e602ec50855e1eca1f7d803c

SHA-1:
77bebcc1b3762258361a46aab1d737f19baf0c46

SHA-256:
e5339d7d1a356b0898b26f06bf175206a6494464fb7a0304144e20568be1d494

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
4/8/2025 11:19:47 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Downloader/Win32.VB | 2011.11.14 |
| Avira AntiVirus | TR/Dldr.Troxen.457 | 7.11.17.163 |
| avast! | Win32:Trojan-gen | 2014.9-160717 |
| AVG | Downloader.Generic8 | 2017.0.2680 |
| Dr.Web | Trojan.DownLoad1.1603 | 9.0.1.0199 |
| Emsisoft Anti-Malware | Trojan.Win32.VB!IK | 8.16.07.17.01 |
| ESET NOD32 | Win32/TrojanDownloader.VB.KWYJLQG (variant) | 10.6629 |
| Fortinet FortiGate | W32/VB.OLS!tr.dldr | 7/17/2016 |
| F-Secure | Gen:Trojan.Heur.VB.cm0@diLLFhhi | 11.2016-17-07_1 |
| G Data | Gen:Trojan.Heur.VB.cm0@diLLFhhi | 16.7.22 |
| IKARUS anti.virus | Trojan.Win32.VB | t3scan.1.1.109.0 |
| Kaspersky | Trojan-Downloader.Win32.VB | 14.0.0.-105 |
| McAfee | Artemis!5D8B9844E602 | 5600.6336 |
| Microsoft Security Essentials | TrojanDownloader:Win32/Troxen!rts | 1.163.1557.0 |
| Norman | W32/Suspicious_Gen2.JBBUK | 11.20160717 |
| Panda Antivirus | Trj/CI.A | 16.07.17.01 |
| Rising Antivirus | Trojan.Win32.Generic.124C096A | 23.00.65.16715 |
| Sophos | Mal/Generic-L | 4.71 |
| Trend Micro House Call | TROJ_GEN.USCNI29 | 7.2.199 |
| Trend Micro | TROJ_GEN.USCNI29 | 10.465.17 |
| Vba32 AntiVirus | TrojanDownloader.VB.ols | 3.12.16.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 11049 |

File size:
2.3 MB (2,440,457 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup_winrar.exe

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:v2I3b5i5fB2V57wYSfxMgLwmX2IVlhzCiZqaV:uy5XBwYSJMLIVlP5

Entry address:
0x9A58

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 6E, 96, FF, FF, E8, 75, A8, FF, FF, E8, A0, CA, FF, FF, E8, E7, CA, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, 0B, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, D4, A0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, AC, D0, FF, FF, 8B, 55, F0, B8, E4, CD, 40, 00, E8, 1F, 97, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E4, CD, 40, 00, B2, 01, B8...

Entropy:
7.9960

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36.5 KB (37,376 bytes)

The file setup_winrar.exe has been seen being distributed by the following URL.
