» WinRAR.exe
Overview
Analysis
File Details
Behaviors (2)
Programs (5)
Downloads (5)

WinRAR.exe

WinRAR

win.rar GmbH

WinRAR provides the full RAR and ZIP file support, can decompress CAB, GZIP, ACE and other archive formats. It runs as a scheduled task under the Windows Task Scheduler. This is installed with multiple programs including WinRAR 5.31 (32-bit) and WinRAR archiver.

File name:

WinRAR.exe

Publisher:

Alexander Roshal (signed by win.rar GmbH)

Product:

WinRAR

Description:

WinRAR archiver

Version:

5.1.0

MD5:

746bd4ce1110823063e68bb61a24ea28

SHA-1:

02e17ba1a21a2180de9fe83d18620294ebad4084

SHA-256:

e77143c5f17500effe2efe215777142d006bbed3313bf0a33bd3c1672e66b180

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/22/2024 9:24:01 PM UTC (today)

File size:

1.2 MB (1,239,640 bytes)

Product version:

5.1.0

Original file name:

WinRAR.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\winrar\winrar.exe

Digital Signature

Signed by:

win.rar GmbH

Authority:

COMODO CA Limited

Valid from:

6/13/2013 1:00:00 AM

Valid to:

6/14/2015 12:59:59 AM

Subject:

CN=win.rar GmbH, O=win.rar GmbH, STREET=Schumannstr. 17, L=Berlin, S=Berlin, PostalCode=10117, C=DE

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

75953FA54DD12DD9CA6B948C17BFD67C

File PE Metadata

Compilation timestamp:

12/1/2013 8:07:35 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:paTlRWI799VGQsoidUMpkmOxP++Y34IyI7MMMMMMGktI:pWfspkJP+7II3MMMMMMpO

Entry address:

0xC6F39

Entry point:

E8, 90, 8C, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, A0, A0, 58, 00, 89, 0D, 9C, A0, 58, 00, 89, 15, 98, A0, 58, 00, 89, 1D, 94, A0, 58, 00, 89, 35, 90, A0, 58, 00, 89, 3D, 8C, A0, 58, 00, 66, 8C, 15, B8, A0, 58, 00, 66, 8C, 0D, AC, A0, 58, 00, 66, 8C, 1D, 88, A0, 58, 00, 66, 8C, 05, 84, A0, 58, 00, 66, 8C, 25, 80, A0, 58, 00, 66, 8C, 2D, 7C, A0, 58, 00, 9C, 8F, 05, B0, A0, 58, 00, 8B, 45, 00, A3, A4, A0, 58, 00, 8B, 45, 04, A3, A8, A0, 58, 00, 8D, 45, 08, A3, B4, A0, 58... 
[+]

Entropy:

6.4305

Code size:

858.5 KB (879,104 bytes)

Scheduled Task

Task name:

{AE53C959-061D-4201-AC70-3ADFAD4023D3}

Trigger:

Registration (Runs on registration)

Shell Open Command

Open type:

WinRAR

Command:

"C:\Program Files\winrar\winrar.exe" "%1"

The file WinRAR.exe has been discovered within the following programs.

Archiveur WinRAR by win.rar GmbH

Publisher's description - “WinRAR is a powerful archive manager. It can backup your data and reduce the size of email attachments, decompress RAR, ZIP and other files downloaded from Internet and create new archives in RAR and ZIP file format. ”

www.rarlab.com

11% remove it

WinRAR by win.rar GmbH

WinRAR is a shareware file archiver and data compression utility that is able to create RAR archives natively. WinRAR supports RAR (WinRAR native conversion format) and ZIP archives, and unpacking of ARJ, LZH, TAR, GZ, ACE, UUE, BZ2, JAR, ISO, EXE, 7z, and Z archives.

4% remove it

WinRAR 4.00 (32-bit) by win.rar GmbH

Version 4.00 speeds up decompression by up to 30%. Windows 98, Windows Me, and Windows NT are no longer supported; the minimum Windows version required is Windows 2000. WinRAR is a shareware file archiver and data compression utility that is able to create RAR archives natively.

1% remove it

WinRAR 5.31 (32-bit) by win.rar GmbH

3% remove it

WinRAR archiver by win.rar GmbH

WinRAR archiver is a shareware file archiver that is able to create RAR archives natively.

12% remove it

The file WinRAR.exe has been seen being distributed by the following 5 URLs.

ftp://ftp.pgu.ac.ir/Utility/winrar.5.01.final/WinRAR.5.01.Portable/App/.../WinRAR.exe

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_3_30618_ACTsw0MAABBFVaz66AR4iB5XrUk&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_2_56818_AD7sw0MAABpCVfkyAgGaKOnuc w&fid=Sent&pid=2&clean=0&appid=YahooMailNeo&ymreqid=55940e15-18d6-57b6-0144-010203010000

about:internet

http://cdn.mlndownloads.com/?ic_user_id=956

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.