WinRAR.exe

WinRAR

win.rar GmbH

WinRAR provides full RAR and ZIP file support and can decompress CAB, GZIP, ACE and other archive formats. This is a setup program used to install the application. The file has been seen being downloaded from s6155.chomikuj.pl and multiple other hosts.
Publisher:
Alexander Roshal  (signed by win.rar GmbH)

Product:
WinRAR

Description:
Archiwizer WinRAR

Version:
5.0.0

MD5:
e82b7e420741a9ebe4c3047dd71440f9

SHA-1:
48ad760ac52618dec5264feba94bd89cddd745a0

SHA-256:
a403a8c462e741102bec772a04751e0ba57230455c4f49e6a09a4fde82e18a5a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 10:27:37 AM UTC

File size:
1.2 MB (1,244,248 bytes)

Product version:
5.0.0

Copyright:
Copyright © Alexander Roshal 1993-2013

Original file name:
WinRAR.exe

File type:
Executable application (Win32 EXE)

Language:
Polish (Poland)

Common path:
C:\Program Files\winrar\winrar.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/13/2013 2:00:00 AM

Valid to:
6/14/2015 1:59:59 AM

Subject:
CN=win.rar GmbH, O=win.rar GmbH, STREET=Schumannstr. 17, L=Berlin, S=Berlin, PostalCode=10117, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75953FA54DD12DD9CA6B948C17BFD67C

File PE Metadata
Compilation timestamp:
8/22/2013 3:00:06 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:uroE9QwM/6t09quYZlO6Ez1k1t7YIYsnMMMMMMYOj+j:/SZuYKzzq1xYCMMMMMMLjc

Entry address:
0xC6609

Entry point:
E8, AD, 8C, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 98, 90, 58, 00, 89, 0D, 94, 90, 58, 00, 89, 15, 90, 90, 58, 00, 89, 1D, 8C, 90, 58, 00, 89, 35, 88, 90, 58, 00, 89, 3D, 84, 90, 58, 00, 66, 8C, 15, B0, 90, 58, 00, 66, 8C, 0D, A4, 90, 58, 00, 66, 8C, 1D, 80, 90, 58, 00, 66, 8C, 05, 7C, 90, 58, 00, 66, 8C, 25, 78, 90, 58, 00, 66, 8C, 2D, 74, 90, 58, 00, 9C, 8F, 05, A8, 90, 58, 00, 8B, 45, 00, A3, 9C, 90, 58, 00, 8B, 45, 04, A3, A0, 90, 58, 00, 8D, 45, 08, A3, AC, 90, 58...
 
Code size:
856 KB (876,544 bytes)

Shell Open Command
Open type:
WinRAR

Command:
"C:\Program Files\winrar\winrar.exe" "%1"


The file WinRAR.exe has been seen being distributed by the following 7 URLs.

http://s6155.chomikuj.pl/File.aspx?e=tCIj0kifqHprfGOojSaviPPDCY3E21h6B_A-3L1QKnFgegosWcm7opbJXvCYaHK-VAJNTEeL1QElBXT_0qsj7IHFgdXfUXV6L5AiCiz7UkNd6qWTDRtqso6dSFVJEpRTl5P-8p6JpJDuYEDiv4pXRg&pv=2

http://s6155.chomikuj.pl/File.aspx?e=tCIj0kifqHprfGOojSaviPPDCY3E21h6B_A-3L1QKnGnREZpNxwAOz4E_WuBJMr64ZqvT4WyQnepDLPFOZV12-cq7scgpQhfxNIApT9Ts8K5w6BSHiR9Tup68MJFBhYUKhtrkxXx_yEUKLOkx0ociA&pv=2