home

WinRAR.exe

WinRAR

win.rar GmbH

WinRAR provides the full RAR and ZIP file support, can decompress CAB, GZIP, ACE and other archive formats. This is installed with WinRAR archiver. The file has been seen being downloaded from mg.mail.yahoo.com and multiple other hosts.
Publisher:
Alexander Roshal  (signed by win.rar GmbH)

Product:
WinRAR

Description:
WinRAR archiver

Version:
5.0.0

MD5:
c269fbcdc49fb63b8bd4d15c4b6939c6

SHA-1:
709b21cd7bde0865dfc52d73f50a89c6ce4eae93

SHA-256:
fcd4dfe74b9a1edc058bbc6916da357920635a3caa4b33acb17000248d3071a5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/22/2024 9:06:26 PM UTC  (today)

File size:
1.2 MB (1,237,080 bytes)

Product version:
5.0.0

Copyright:
Copyright © Alexander Roshal 1993-2013

Original file name:
WinRAR.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\winrar\winrar.exe

Digital Signature
Signed by:
win.rar GmbH

Authority:
COMODO CA Limited

Valid from:
6/12/2013 7:00:00 PM

Valid to:
6/13/2015 6:59:59 PM

Subject:
CN=win.rar GmbH, O=win.rar GmbH, STREET=Schumannstr. 17, L=Berlin, S=Berlin, PostalCode=10117, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75953FA54DD12DD9CA6B948C17BFD67C

File PE Metadata
Compilation timestamp:
8/22/2013 8:00:06 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:nroE9QwM/6t09quYZlO6Ez1k1t7YIn7MMMMMMGbj+G:oSZuYKzzq1xYIMMMMMMQjl

Entry address:
0xC6609

Entry point:
E8, AD, 8C, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 98, 90, 58, 00, 89, 0D, 94, 90, 58, 00, 89, 15, 90, 90, 58, 00, 89, 1D, 8C, 90, 58, 00, 89, 35, 88, 90, 58, 00, 89, 3D, 84, 90, 58, 00, 66, 8C, 15, B0, 90, 58, 00, 66, 8C, 0D, A4, 90, 58, 00, 66, 8C, 1D, 80, 90, 58, 00, 66, 8C, 05, 7C, 90, 58, 00, 66, 8C, 25, 78, 90, 58, 00, 66, 8C, 2D, 74, 90, 58, 00, 9C, 8F, 05, A8, 90, 58, 00, 8B, 45, 00, A3, 9C, 90, 58, 00, 8B, 45, 04, A3, A0, 90, 58, 00, 8D, 45, 08, A3, AC, 90, 58...
 
[+]

Entropy:
6.4356

Code size:
856 KB (876,544 bytes)

Shell Open Command
Open type:
WinRAR

Command:
"C:\Program Files\winrar\winrar.exe" "%1"


The file WinRAR.exe has been discovered within the following program.

WinRAR archiver  by win.rar GmbH
WinRAR archiver is a shareware file archiver that is able to create RAR archives natively.
www.rarlab.com
12% remove it
 
Powered by Should I Remove It?

The file WinRAR.exe has been seen being distributed by the following 2 URLs.

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_2_43864_ADfuw0MAABMRVPyjeQ6GwCUT8Ss&fid=Sent&pid=2&clean=0&appid=YahooMailNeo&ymreqid=d24bb9cf-0833-8ad7-0178-460018010000

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_2_144903_ANlXimIAACEnUsV 6 F7gFQEN4U&fid=Sent&pid=2&clean=0&appid=YahooMailNeo&ymreqid=d82b8634-9b71-37fd-0153-ce0028010000

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.