winrar.exe

Sacuredal

Dov gil Management Ltd.

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application winrar.exe, “Sacuredal Setup ” by Dov gil Management has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download protals and search ads as WinRAR archiver but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Dov gil Management Ltd.  (signed and verified)

Product:
Sacuredal

Description:
Sacuredal Setup

Version:
2.0.2.2

MD5:
06712aca83312d6fa3f606e53d016947

SHA-1:
6fe11d964b6dabcc7f3b048bda9e91c4cdfb9e13

SHA-256:
88aaa785f229ee1acee565b69c178df61715bfb7b04e5ab3808fe91ced8a3c4b

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 3:53:06 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
17.3.13.7

File size:
987.2 KB (1,010,888 bytes)

Product version:
1.1.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\winrar.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/24/2016 2:04:43 PM

Valid to:
2/24/2017 2:04:43 PM

Subject:
CN=Dov gil Management Ltd., O=Dov gil Management Ltd., L=Petah Tikva, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112103FCD147C9A5FDDE12426FF8308C8A2A

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file winrar.exe has been seen being distributed by the following URL.

http://www.towerchucklelaboratory.com/sPd2sKYspWhlQ7_wIyt9fkTqpgFv3wamVSxWhsuNRAeDt3ENABoj52LE9bO4geHtjX1FMUUnLD B_koDdwl Nqclp9a_FhtoJLxYQEZ8dyNkWlQKouZAmSbbO1ahufFjR0VA8ltWYke8blqG6LPEG3tkXS2G_ AnOyDVjVtrjgKupGpcDLTVrAVlQrJ_1GdtBtRpOmKBwGpK6MHME9zM61MATC4gPNJ14v_E69 pEDrUUdOhzz7yVLeIJKLcsog96IxT QvrcewRvDpYMZd1KlQ529_Cj4Lot0P2r5eRYWTBtxS56W2ubHfzD95_Fb osAutE_JdWkBCp84Oj9o_qugK_7LDPHhCova0m8MrAJ9vSNwFp29NlPYwmvUnjmur6ONGEAzVHlt8Scm4K3986gqJkpRP1Z2pMV7QqWkMhtNQXCQeRS8C0QYoe0zHKSTsefpfeKCAK6nkyB198AfSby7y8hicYknGqIIRbx9ddFhQp2MkXAnRt71znResbXnC0ACx76zs-G2kAAMTcRq0ZZ0jDFMcUkYEfp0PQKQcOraiAMsnp84PbEDx wSFEX0fcxsezCQXtTpHzPj6qvffKVvFj8jvkLEepbNAg3BHUB7MiA1qbzRfFDAA=-e

Remove winrar.exe - Powered by Reason Core Security