home

winrar-x64-520.exe

win.rar GmbH

This is a setup program which is used to install the application. The file has been seen being downloaded from d1.usercdn.com and multiple other hosts.
Publisher:
win.rar GmbH  (signed and verified)

MD5:
6158a1045c148df1aaddce15091362f3

SHA-1:
543c197b1f39fc68d2b200802c5191eeeafc073a

SHA-256:
9b632e25a2cb0503c58799b3c61b75cecbb1be54bcd3cb8368a0b88d71e50939

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 1:30:51 AM UTC  (today)

File size:
1.9 MB (1,941,064 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\winrar-x64-520.exe

Digital Signature
Signed by:
win.rar GmbH

Authority:
COMODO CA Limited

Valid from:
6/13/2013 7:00:00 AM

Valid to:
6/14/2015 6:59:59 AM

Subject:
CN=win.rar GmbH, O=win.rar GmbH, STREET=Schumannstr. 17, L=Berlin, S=Berlin, PostalCode=10117, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75953FA54DD12DD9CA6B948C17BFD67C

File PE Metadata
Compilation timestamp:
12/2/2014 5:07:44 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:1fXAXMnxLXUqTnzsj9Oo/nR/0atSQC3xPg1:1/M6RNTzqPnRPS41

Entry address:
0x21B5C

Entry point:
48, 83, EC, 28, E8, 2F, 65, 00, 00, 48, 83, C4, 28, E9, 12, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 6C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 20, 49, 8B, E8, 48, 8B, F2, 48, 8B, D9, 48, 85, C9, 75, 05, E8, 81, 1A, 00, 00, 48, 63, 43, 18, 8B, 7B, 14, 48, 03, 46, 08, 75, 05, E8, 6F, 1A, 00, 00, 33, C9, 85, FF, 74, 33, 4C, 8B, 4E, 08, 4C, 63, 43, 18, 4B, 8D, 14, 01, 48, 63, 02, 49, 03, C1, 48, 3B, E8, 7C, 0A, FF, C1, 48, 83, C2, 08, 3B, CF, 72, EB, 85, C9, 74, 0E, 8D, 41, FF, 49, 8D, 14, C0, 42...
 
[+]

Code size:
184.5 KB (188,928 bytes)

The file winrar-x64-520.exe has been seen being distributed by the following 50 URLs.

https://d1.usercdn.com/d/.../winrar520_[x64].exe

http://api2.tenlua.vn/filemanager/builddownload/.../?hash=513fbc78b5023f524964707a30a078d82626aed0fb18af4fe26d95689f40544d622079f8e76d2fb11522fef013731b514a2815ceade24f2e6b5ec24bef9fd982da9bfa9f8e5eddf7f6263400e8128665c412822aa9501f6f821a30ca1f7f3cffff30bc211f085c9f90ffed795a2cc176bd6db40154156d77153b38c59bf1f577b89e44667032be9b722e85788cc633fa&url=0b3da36fa30172185e33316174fd75853636b390ad53eb4dee2a8862c5410f&down=0b3da36fa30172185e33316174fd75853636b390ad53fc56f8369064ca4249102d25

http://filehippo.com/download/file/.../

http://www.filepuma.com/file/1417753113c7618/winrar_64bit_5.20/.../0/

http://filehippo.com/it/download/file/.../

http://file.dl1.svit.vn/download/54040c11/06a269b6c89cdcde71ebbce6f97d7abf/2014/.../SinhVienIT.Net--winrar-x64-520.exe

https://www.winrar.es/.../101?PHPSESSID=150d07552bbb1c2b0de97c35d8ef68c7

http://api2.tenlua.vn/filemanager/builddownload/.../?hash=1228a479e4492e01486d6a766dfd6a8a2539ad93a009a101bc39953c9e41174d622079f8e76d2fb11522fef013731b514a2815ceade24f2e6b5ec24bef9fd982da9bfa9f8e5eddf7f6263400e8128665c412822aa9501f6f821a30ca1f7f3cffff30bc211f085c9f90ffed795a2cc176bd6db40154156d77153b38c59bf1f577b89e44667032be9b722e85788cc633fa&url=0b3da36fa30172185e33316174fd75853636b390ad53eb4da0&down=0b3da36fa30172185e33316174fd75853636b390ad53fc55a0&jump_type=download&file=sinhvienit.net-winrar-x64-520.exe

http://www.bin.ge/getfilee.php?id=66C16705&access_key=MmEyOTQzZjgxMDUxZmJmODA3MGYxZThmOTAzYTgxMmVkYTY4YjNhM2ZlOTdkZjFiMzk3Y2RlMTVlZTdhM2NmMTI4&captcha=393837

http://www.filehippo.com/download/file/.../

http://filehippo.com/pl/download/file/.../

https://docviewer.yandex.ru/source?id=22u5y-8gvsal4yvboroqdc5pvgvu7519ggpzpdq3vfmuwy5d4ajbrkxs59dq2myrab4ewryduuo4iwrr318m24zalqhz516rxc0hjizop&archive-path=//.../mXERFILQ==&name=The Slider WinRar.zip

http://filehippo.com/download/file/.../

https://doc-0o-bk-docs.googleusercontent.com/docs/securesc/pirejdajkgugr7b15fonmarp6tsftt88/k6v3cvf5pc945kcgg2uj8idg7fo9e9pl/1482868800000/00292899524071449422/.../0B5qPD8aUX7hVVXl3V2FWZXNYX2c?e=download

http://i.download.idg.pl/fannef/ea05d07f0ad22a7bf2e3068733b20d5d/564e224c//vol2/w95/archiv/winrar/.../winrar-x64-520.exe

http://filehippo.com/download/file/.../

http://filehippo.com/download/file/.../

http://api2.tenlua.vn/filemanager/builddownload/.../?hash=083be779a35a34065d70687c6bfa6ddb2c61fb8afa10a00ce4349f67c6161208622079f8e76d2fb11522fef013731b514a2815ceade24f2e6b5ec24bef9fd982da9bfa9f8e5eddf7f6263400e8128665c412822aa9501f6f821a30ca1f7f3cffff30bc211f085c9f90ffed795a2cc176bd6db40154156d77153b38c59bf1f577b89e44667032be9b722e85788cc633fa&url=0b3da36fa30172185e33316174fd75853636b390ad53eb4da0&down=0b3da36fa30172185e33316174fd75853636b390ad53fc55a0&jump_type=download&file=sinhvienit.net-winrar-x64-520.exe

http://file.dl1.svit.vn/download/54040c11/f9ff733f933a3705496806afc7cfef7e/2014/.../SinhVienIT.Net--winrar-x64-520.exe

https://www.netzmechanik.de/dl/.../winrar-x64-520.exe

http://filehippo.com/download/file/.../

http://www.filepuma.com/file/1423782617c7618/winrar_64bit_5.20/.../0/

http://www.bin.ge/getfilee.php?id=66C16705&access_key=YzA4M2JjNDBmNDgwOTFlZjc2OTJjYjMwMTRhZTk1MWEwOGZiMWIxZDgyM2E5YjUyOWU4MGNjMTg0MTc0NjliMDI3&captcha=323834

https://mega.nz/temporary/.../0cNhxBSS

http://filehippo.com/download/file/.../

http://api2.tenlua.vn/filemanager/builddownload/.../?hash=163bb371a659355e1c66372d61e8299a2b3da5d7b044fe0bff3d8f7fc71e1418622079f8e76d2fb11522fef013731b514a2815ceade24f2e6b5ec24bef9fd982da9bfa9f8e5eddf7f6263400e8128665c412822aa9501f6f821a30ca1f7f3cffff30bc211f085c9f90ffed795a2cc176bd6db40154156d77153b38c59bf1f577b89e44667032be9b722e85788cc633fa&url=0b3da36fa30172185e33316174fd75853636b390ad53eb4da0&down=0b3da36fa30172185e33316174fd75853636b390ad53fc55a0&jump_type=download&file=sinhvienit.net-winrar-x64-520.exe

https://www.winrar.es/.../101?PHPSESSID=578bfc7cf277ac7d5567b50b4f4da036

http://www.filehippo.com/download/file/.../

http://download1498.mediafire.com/7att4aucgjqg/.../WinRar (x64) v5.20.exe

http://filehippo.com/download/file/.../

Latest 30 of 205 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.