home

Winrar_Installer.exe

Winrar

Download Manager, LLC

The application Winrar_Installer.exe by Download Manager has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the AirInstaller Download Manager installer. The installer is marketed through download protals and search ads as WinRAR archiver but will also install additional software offers which include adware, PUPs and browser toolbars. The file has been seen being downloaded from download.dwnload.org.
Publisher:
Download Manager, LLC  (signed and verified)

Product:
Winrar

Version:
3.0.0.63

MD5:
f713b1067865dbe814e4f19cf328eb86

SHA-1:
f6cc486302c281b08b5512fabe088b2e397e679b

SHA-256:
d8d5795a9405091f723b0d8fcc6c0f56aacb0ee72f6065b241694eebdae125d6

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
1/12/2025 4:58:30 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Air Software.DRD Ventures.Bundler (M)
16.7.4.7

File size:
784.7 KB (803,528 bytes)

Product version:
3.0.0.63

Copyright:
(c) Download Manager, LLC

Original file name:
Winrar_Installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\winrar_installer.exe

Digital Signature
Signed by:
Download Manager, LLC

Authority:
VeriSign, Inc.

Valid from:
12/13/2014 4:00:00 PM

Valid to:
12/13/2016 3:59:59 PM

Subject:
CN="Download Manager, LLC", O="Download Manager, LLC", L=Elkhart, S=Indiana, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2E237E5FB17FCF829CCA0A9B6176FC0B

File PE Metadata
Compilation timestamp:
1/6/2015 3:49:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Ufgs8zfYy3or6tZekSG6RlYv1m4UOPcSm09Ho:UfgsqNSG6Yv1m4UCcN09

Entry address:
0x4CD0F

Entry point:
E8, 4E, 1A, 01, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 20, 4F, 4A, 00, 00, 74, 05, E9, B1, 1A, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6...
 
[+]

Entropy:
7.1137

The file Winrar_Installer.exe has been seen being distributed by the following URL.

http://download.dwnload.org/v2/click/ftucuo66/?d=http://dwnload.org/.../winrar.exe&n=Winrar&key=c75f31a534e48a120550ed5ef33ec605eb3da541734d976f971bbf88e3f72bad&affiliate_image=&product_image=http://dwnload.org/.../winrar.png&sid=GUS2-winrar&filename=Winrar_Installer

Remove Winrar_Installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.