winrarsetup.exe

Internet

Installer

The application winrarsetup.exe, “Internet Setup”, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.tourstockapplications.com.
Publisher:
Installer

Product:
Internet

Description:
Internet Setup

Version:
4.1.5.4

MD5:
6f15c6cb7d58b42c332a323e3cb4d518

SHA-1:
12a9f4b9ae05a9b7bc6a3409db20492b056f360e

SHA-256:
bd2fc19915bde58b90d984c8015f0bc0b0f806be4d08be9f1125aca1be1b995a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 10:23:56 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Bundler (M)

Engine version:
16.3.27.11

File size:
953.4 KB (976,240 bytes)

Product version:
3.2

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\winrarsetup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:lQ8rr5DDAuzck3J7JJq0a7psH0iG65wvbF+alZgOF5u:l7FMul51O7psS65wjc2ZLu

Entry address:
0x9C40

Entry point:
89, CD, 87, DE, 09, DB, 0C, 11, F2, FE, C2, F7, C1, E7, E1, 8B, 11, FF, C6, BA, 00, 00, 00, 00, 69, D8, 01, FF, 0E, A6, 25, F6, 30, 8D, E5, 8D, 2D, 59, 68, 4C, 93, 85, D3, F2, 69, E9, C7, 80, 84, AA, 81, C2, F4, 02, 00, 00, F3, 0F, B7, C7, 81, EA, F3, 02, 00, 00, 89, C8, 84, CF, F2, 24, 02, 81, CD, DB, 89, A2, 9C, 84, FB, 81, FA, F4, 0C, 00, 00, 0F, 8C, BB, FF, FF, FF, 4F, 69, EB, 16, BE, 6B, AE, B5, 55, E8, 46, 00, 00, 00, C6, C6, 55, 8D, 1D, F2, 93, DB, 9B, 00, E8, B8, E9, AD, F7, C0, F3, 88, FC, F6, C7...
 

Entropy:
7.9437  (probably packed)

Code size:
37 KB (37,888 bytes)

The file winrarsetup.exe has been seen being distributed by the following URL.
