winrar-x64-500es.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from mega.co.nz and multiple other hosts.
MD5:
1b61ed4deedd2d54276b22af9d0a9f36

SHA-1:
e56fd12b5a0c8e0fe46d6cfa1f83a7f460477985

SHA-256:
e36ea570e04c1904f32043a00a4222682c644eadfff43227fa3b43a566678413

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/27/2024 1:22:46 AM UTC  (today)

Scan engine:
Trend Micro House Call

Detection:
TROJ_GEN.F47V0912

Engine version:
7.2.116

File size:
2 MB (2,049,198 bytes)

File type:
Executable application (Win64 EXE)

File PE Metadata
Compilation timestamp:
8/22/2013 3:00:53 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:aIp7+UR2moedNovejzsedSPMl67T/qm6luAr7dxr8x:rXu+iGjpcaCTExr8x

Entry address:
0x220FC

Entry point:
48, 83, EC, 28, E8, 2F, 57, 00, 00, 48, 83, C4, 28, E9, 12, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 6C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 20, 49, 8B, E8, 48, 8B, F2, 48, 8B, D9, 48, 85, C9, 75, 05, E8, 81, 1A, 00, 00, 48, 63, 43, 18, 8B, 7B, 14, 48, 03, 46, 08, 75, 05, E8, 6F, 1A, 00, 00, 33, C9, 85, FF, 74, 33, 4C, 8B, 4E, 08, 4C, 63, 43, 18, 4B, 8D, 14, 01, 48, 63, 02, 49, 03, C1, 48, 3B, E8, 7C, 0A, FF, C1, 48, 83, C2, 08, 3B, CF, 72, EB, 85, C9, 74, 0E, 8D, 41, FF, 49, 8D, 14, C0, 42...
 
Code size:
172.5 KB (176,640 bytes)

The file winrar-x64-500es.exe has been seen being distributed by the following 14 URLs.

Scan winrar-x64-500es.exe - Powered by Reason Core Security