winrar-5.30-free.exe

The executable winrar-5.30-free.exe has been detected as malware by 29 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dla.uloz.to.
MD5:
5924eea3ef0065c46d1cff373ee14025

SHA-1:
485477a0a40525dfb8a5547b2e0887ecefc4e156

SHA-256:
bb39af28e26df5fafb2dc41bba5a9062674df34691f1c294eb3cd27c4bed3f40

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
11/23/2024 2:58:52 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.790591
180

AegisLab AV Signature
Troj.Spy.MSIL.Zbot
2.1.4+

Avira AntiVirus
TR/Krypt.166912.94
8.3.2.4

Arcabit
Trojan.Kazy.DC103F
1.0.0.646

avast!
Win32:Malware-gen
2014.9-160808

AVG
PSW.ILUSpy
2017.0.2658

Bitdefender
Gen:Variant.Kazy.790591
1.0.20.1105

Bkav FE
W32.BeloseaC.Trojan
1.3.0.7400

Dr.Web
Trojan.DownLoader18.23009
9.0.1.0221

Emsisoft Anti-Malware
Gen:Variant.Kazy.790591
8.16.08.08.10

ESET NOD32
MSIL/Kryptik.DJT (variant)
10.12943

Fortinet FortiGate
MSIL/Kryptik.DJT!tr
8/8/2016

F-Prot
W32/MSIL_Troj.CT.gen
v6.4.7.1.166

F-Secure
Gen:Variant.Kazy.790591
11.2016-08-08_2

G Data
Gen:Variant.Kazy.790591
16.8.25

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.-217

McAfee
Artemis!A9A7218EBBDD
5600.6314

Microsoft Security Essentials
Backdoor:MSIL/Bladabindi
1.1.12400.0

MicroWorld eScan
Gen:Variant.Kazy.790591
17.0.0.663

NANO AntiVirus
Trojan.Win32.DownLoader18.dzvkbi
1.0.14.5798

Panda Antivirus
Trj/CI.A
16.08.08.10

Qihoo 360 Security
QVM41.1.Malware.Gen
1.0.0.1077

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.16806

Sophos
Mal/Generic-S
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Bladabindi
8972

Total Defense
Win32/Armax.OVKTQIB
37.1.62.1

Trend Micro House Call
TROJ_GE.4EE7BE1C
7.2.221

VIPRE Antivirus
Trojan.Win32.Generic
46826

ViRobot
Backdoor.Win32.A.Bifrose.40448.L[h]
2014.3.20.0

File size:
1.7 MB (1,815,529 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\winrar-5.30-free.exe

File PE Metadata
Compilation timestamp:
3/17/2005 11:31:50 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:b1dlZo93EQuSfC17TAKTqB5XYqFudtEV+vP3TWtv5V:b1dl2tWSfC1gmqJudkAPTWthV

Entry address:
0x7481

Entry point:
55, 8B, EC, 6A, FF, 68, F0, E7, 40, 00, 68, C4, AD, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 84, E0, 40, 00, 33, D2, 8A, D4, 89, 15, E0, 52, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, DC, 52, 41, 00, C1, E1, 08, 03, CA, 89, 0D, D8, 52, 41, 00, C1, E8, 10, A3, D4, 52, 41, 00, 33, F6, 56, E8, F6, 23, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 16, 02, 00, 00, FF, 15, 80, E0, 40, 00, A3, E4, 69, 41, 00, E8...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
52 KB (53,248 bytes)

The file winrar-5.30-free.exe has been seen being distributed by the following URL.

Remove winrar-5.30-free.exe - Powered by Reason Core Security