winrar-x64-500es.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from mega.co.nz and multiple other hosts.
MD5:
1b61ed4deedd2d54276b22af9d0a9f36

SHA-1:
e56fd12b5a0c8e0fe46d6cfa1f83a7f460477985

SHA-256:
e36ea570e04c1904f32043a00a4222682c644eadfff43227fa3b43a566678413

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
12/29/2024 5:44:40 AM UTC  (today)

Scan engine
Detection
Engine version

Trend Micro House Call
TROJ_GEN.F47V0912
7.2.116

File size:
2 MB (2,049,198 bytes)

File type:
Executable application (Win64 EXE)

File PE Metadata
Compilation timestamp:
8/22/2013 3:00:53 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:aIp7+UR2moedNovejzsedSPMl67T/qm6luAr7dxr8x:rXu+iGjpcaCTExr8x

Entry address:
0x220FC

Entry point:
48, 83, EC, 28, E8, 2F, 57, 00, 00, 48, 83, C4, 28, E9, 12, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 6C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 20, 49, 8B, E8, 48, 8B, F2, 48, 8B, D9, 48, 85, C9, 75, 05, E8, 81, 1A, 00, 00, 48, 63, 43, 18, 8B, 7B, 14, 48, 03, 46, 08, 75, 05, E8, 6F, 1A, 00, 00, 33, C9, 85, FF, 74, 33, 4C, 8B, 4E, 08, 4C, 63, 43, 18, 4B, 8D, 14, 01, 48, 63, 02, 49, 03, C1, 48, 3B, E8, 7C, 0A, FF, C1, 48, 83, C2, 08, 3B, CF, 72, EB, 85, C9, 74, 0E, 8D, 41, FF, 49, 8D, 14, C0, 42...
 
[+]

Code size:
172.5 KB (176,640 bytes)

The file winrar-x64-500es.exe has been seen being distributed by the following 14 URLs.

https://mega.co.nz/temporary/.../K0A1BSrT

https://onedrive.live.com/download.aspx?cid=F9BA111DB4270646&authKey=!AH0VLMB3Frolfls&resid=F9BA111DB4270646!182132&ithint=.exe

https://mega.co.nz/temporary/.../fpgR1S4D

chrome-extension://bigefpfhnfcobdlfbedofhhaibnlghod/persistent/.../m4oVVJhA

http://download1349.mediafire.com/92u6xmvg9qog/.../WinRAR_v5_00_x64.exe

https://mega.nz/temporary/.../mwYQjaTL

blob:1867B751-5FD9-4401-A3A0-6856A2D2DD10

temp:WinRAR v5.0 x64.exe

Scan winrar-x64-500es.exe - Powered by Reason Core Security