winrar-v5.30-per-actev.exe

The application winrar-v5.30-per-actev.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from uloz.to.
MD5:
448e8a1323d11e4b3ab571d0b1673249

SHA-1:
b3e626df014410c55692cbf920b35e5767302974

SHA-256:
d718fd3ff1e57792d979851fdc3dc42d198da03b71d010c6cc3a2b79161c0491

Scanner detections:
27 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 5:59:33 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Strictor.66407
214

Avira AntiVirus
TR/Krypt.fksh
8.3.3.4

Arcabit
Trojan.Strictor.D10367
1.0.0.669

avast!
AutoIt:Runner-AX [PUP]
2014.9-160704

AVG
Atros3
2017.0.2692

Baidu Antivirus
Win32.Trojan-Dropper.Autoit
4.0.3.1674

Bitdefender
Gen:Variant.Strictor.66407
1.0.20.930

Bkav FE
W32.HfsAtITIST
1.3.0.7744

Dr.Web
Trojan.MulDrop6.18286
9.0.1.0186

Emsisoft Anti-Malware
Gen:Variant.Strictor.66407
8.16.07.04.01

ESET NOD32
Win32/TrojanDropper.Autoit.AP
10.13346

Fortinet FortiGate
W32/Autoit.AP!tr
7/4/2016

F-Secure
Gen:Variant.Strictor.66407
11.2016-04-07_2

G Data
Gen:Variant.Strictor.66407
16.7.25

IKARUS anti.virus
Backdoor.Win32.DarkKomet
t3scan.2.0.9.0

Kaspersky
Trojan-Dropper.Win32.FrauDrop
14.0.0.-43

McAfee
Artemis!448E8A1323D1
5600.6348

Microsoft Security Essentials
Trojan:Win32/Dynamer!ac
1.1.12603.0

MicroWorld eScan
Gen:Variant.Strictor.66407
17.0.0.558

NANO AntiVirus
Trojan.Win32.Krypt.ebehiq
1.0.30.7834

nProtect
Trojan.GenericKD.3119537
16.04.15.01

Panda Antivirus
Trj/Autoit.gen
16.07.04.01

Qihoo 360 Security
HEUR/QVM10.1.0000.Malware.Gen
1.0.0.1120

Quick Heal
Trojan.Dynamer.r4
7.16.14.00

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_GE.7560D077
7.2.186

VIPRE Antivirus
Trojan.Win32.Generic
48688

File size:
2.8 MB (2,929,152 bytes)

File type:
Executable application (Win32 EXE)

Language:
Anglictina (Spojené království)

Common path:
C:\users\{user}\downloads\winrar-v5.30-per-actev.exe

File PE Metadata
Compilation timestamp:
3/21/2016 4:11:23 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:lw80cTsjkWajgK+ZcusvSByoMwBYcfMY/Knrr3nOSQjGzpR0fzeWgq72ZZFSpQKf:S8sjk8LRjf/i/3eG0f6Wz2ZZFw

Entry address:
0x27F4A

Entry point:
E8, B8, D0, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, FC, 31, 4C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 24, E3, 4B, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, FC, 31, 4C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00...
 
[+]

Code size:
567.5 KB (581,120 bytes)

The file winrar-v5.30-per-actev.exe has been seen being distributed by the following URL.

Remove winrar-v5.30-per-actev.exe - Powered by Reason Core Security