home

winrar.x32.520.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.bin.ge.
MD5:
2f333de4b382ce1b4dda811cd2c556e9

SHA-1:
6f2a0ca0d5f540caf9694b65ee5b2e0812079fb4

SHA-256:
6acb0cee86e1dc2b2821bb63282cc62892f196a407de33d6071ffe7aa1bd344b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 12:35:37 AM UTC  (today)

File size:
1.8 MB (1,840,096 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\winrar.x32.520.exe

File PE Metadata
Compilation timestamp:
12/2/2014 2:07:41 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:inV80iUk84fMxNwvv97jeg6t27gLYaPiCCrL/zemveioP6muisCE0hGagdCh+G8e:zUkt0xiH9N7gkaBG/zFeioPRCCE0QPw

Entry address:
0x1D00B

Entry point:
1A, C6, 8D, 15, 74, 6A, 8B, 7D, 88, C6, 2C, 59, 8D, 15, 55, 98, FB, 9B, 88, DB, 89, FE, 21, E8, 6A, 00, 5E, FF, C8, F7, C2, D6, DA, 7E, 7F, 87, DB, 1D, 64, CA, C3, DC, 4B, 86, FD, 49, F3, 8D, 15, 0B, 00, 00, 00, 15, D1, 40, 23, 00, 69, D2, D1, DA, 00, 00, 0B, C2, 0F, C1, D6, 8D, 3D, D3, 8D, 95, D5, 81, EE, FA, 66, 09, 00, 89, C7, 85, C3, 0F, AF, C9, BD, 25, 68, 2F, 5F, FF, CB, B9, C2, C6, BE, 53, 77, 02, 00, CC, 81, FE, 11, 02, 00, 00, 0F, 86, A7, FF, FF, FF, 0F, AF, DB, BD, 57, 2D, 67, ED, 68, EE, A2, D7...
 
[+]

Entropy:
7.9562  (probably packed)

Code size:
160 KB (163,840 bytes)

The file winrar.x32.520.exe has been seen being distributed by the following URL.

http://www.bin.ge/getfilee.php?id=AF78330C&access_key=ZDQxZDhjZDk4ZjAwYjIwNGU5ODAwOTk4ZWNmODQyN2VjOWZhNmE3Nzg5YzZlNDg1ZWY4ZWFjN2NkNDc4ZDkzNUEy&captcha=

Scan winrar.x32.520.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.