winrar_setup.exe

WinRAR

Download Manager, LLC

The application winrar_setup.exe by Download Manager has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer. With this installer, users expect to download the WinRAR archiver, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware. The file has been seen being downloaded from download.downloadd.co.
Publisher:
Download Manager, LLC (signed and verified)

Product:
WinRAR

Version:
3.0.0.61

MD5:
42d9b8c5df3cc2a69986c2dba6d119cb

SHA-1:
3b97fa4550fb8ae83cfcb38b2ab9c285dcbd71d9

SHA-256:
fe46a344d5ab9f0e5389b9adad195d657ab50d26afd695618eb354afd8918e66

Scanner detections:
26 / 68

Status:
Adware

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
1/12/2025 5:03:03 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.32 | 6314276
Agnitum Outpost | Riskware.Agent | 7.1.1
Avira AntiVirus | TR/Trash.Gen | 7.11.30.172
avast! | Win32:Adware-gen [Adw] | 2014.9-141228
AVG | Generic | 2015.0.3246
Bitdefender | Application.Bundler.FX | 1.0.20.1810
Dr.Web | Adware.Conduit.170 | 9.0.1.0362
Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.32 | 9.0.0.4668
ESET NOD32 | Win32/DownloadAssistant.A potentially unwanted application | 7.0.302.0
F-Prot | W32/A-9949dfbf | v6.4.7.1.166
F-Secure | Riskware.Gen:Variant.Application.Bundler | 5.13.68
G Data | Application.Bundler.FX | 14.12.24
IKARUS anti.virus | PUA.DownloadAssistant | t3scan.1.7.8.0
K7 AntiVirus | Unwanted-Program | 13.185.13965
Malwarebytes | PUP.Optional.DownloadAssistant | v2014.12.28.12
MicroWorld eScan | Application.Bundler.FX | 15.0.0.1086
NANO AntiVirus | Riskware.Win32.Conduit.dhhkky | 0.28.6.63474
Norman | Gen:Variant.Application.Bundler.32 | 04.12.2014 14:30:06
Panda Antivirus | Trj/Genetic.gen | 14.12.28.12
Qihoo 360 Security | Malware.QVM10.Gen | 1.0.0.1015
Reason Heuristics | PUP.Installer.DownloadManager.M | 15.1.4.13
Sophos | AirInstaller | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10150
Total Defense | Win32/Tnega.MFfaER | 37.0.11287
VIPRE Antivirus | Threat.4782985 | 33706
Zillya! Antivirus | Backdoor.Klon.Win32.1246 | 2.0.0.1984

File size:
783.7 KB (802,488 bytes)

Product version:
3.0.0.61

Copyright:
(c) Download Manager, LLC

Original file name:
winrar_setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\winrar_setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/13/2014 5:00:00 PM

Valid to:
12/13/2016 4:59:59 PM

Subject:
CN="Download Manager, LLC", O="Download Manager, LLC", L=Elkhart, S=Indiana, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2E237E5FB17FCF829CCA0A9B6176FC0B

File PE Metadata
Compilation timestamp:
12/22/2014 10:20:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:wNlLp1zdnY029Ve01uh1eWT8/0Ngani6aAKQZl3Mu65aSf8Pp43goJpYEUpObRDw:gdcVe01ubfe0Mz8r65643goJpXDw

Entry address:
0x4CC8F

Entry point:
E8, 4E, 1A, 01, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 00, 4F, 4A, 00, 00, 74, 05, E9, B1, 1A, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6...

Entropy:
7.1124

The file winrar_setup.exe has been seen being distributed by the following URL.

Remove winrar_setup.exe - Powered by Reason Core Security