winrar.5.20.final_x32.exe

The application winrar.5.20.final_x32.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. The program is a setup application that uses the Self-extracting archive installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from dl3.downloadsoftware.ir.
MD5:
7a0b169db7c0ae057af358d39922d245

SHA-1:
5a9ad5238f53b69d3a3a42fea302933e012f2a83

SHA-256:
d34188742e7ef02c5627d7cd177b32394a0c25d11202ae7acbb7e89962e08fe3

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 1:52:47 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUP.Agent
7.1.1

Avira AntiVirus
SPR/Tool.Keygen.8903
7.11.211.166

avast!
Win32:Malware-gen
2014.9-160628

AVG
Crack
2017.0.2698

Baidu Antivirus
Hacktool.Win32.Keygen
4.0.3.16628

Comodo Security
UnclassifiedMalware
21139

ESET NOD32
Win32/Keygen.AI potentially unsafe (variant)
10.11204

Fortinet FortiGate
W32/Keygen.AI
6/28/2016

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.1.8.6.0

K7 AntiVirus
Trojan
13.197.15026

Kaspersky
UDS:DangerousObject.Multi.Generic
14.0.0.-13

McAfee
Artemis!7A0B169DB7C0
5600.6354

Microsoft Security Essentials
1.1.11400.0

NANO AntiVirus
Trojan.Win32.MYKB2132.dfsumu
0.30.0.126

Norman
Hacktool.A!genr
11.20160628

Panda Antivirus
Trj/CI.A
16.06.28.04

Qihoo 360 Security
HEUR/QVM41.1.Malware.Gen
1.0.0.1015

Quick Heal
HackTool.Keygen.r2 (Not a Virus)
6.16.14.00

Sophos
Mal/KeyGen-M
4.98

Trend Micro House Call
TROJ_SPNR.08DR14
7.2.180

Trend Micro
TROJ_SPNR.08DR14
10.465.28

VIPRE Antivirus
HackTool.Win32.Keygen
37714

File size:
2 MB (2,086,481 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Self-extracting archive

Common path:
C:\users\{user}\downloads\winrar.5.20.final_x32.exe

File PE Metadata
Compilation timestamp:
12/1/2013 11:38:23 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:AuVhwAceL4zRtQHBuSBgK9qCRga1lROlrq6Y1:AMhwNo4zRtQHBuSyKMIgO3OJq

Entry address:
0x1D728

Entry point:
E8, F0, 57, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 05, FD, FF, FF, C7, 06, E4, 81, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, E4, 81, 42, 00, E9, BA, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, E4, 81, 42, 00, E8, A7, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, D1, C9, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 
[+]

Entropy:
7.9644  (probably packed)

Code size:
149.5 KB (153,088 bytes)

The file winrar.5.20.final_x32.exe has been seen being distributed by the following URL.

Remove winrar.5.20.final_x32.exe - Powered by Reason Core Security