wrar420br.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.reisauditores.com.br and multiple other hosts.
MD5:
8bebac2f6c572a528c16eaaa58462313

SHA-1:
8ff6b8d97e126b166c2ae562fe538dbd5b3d8630

SHA-256:
f5d0462137dcfd9e3db2bb9eedabe74e8917221d061980ac906bfeb79eff26ab

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/28/2024 11:51:39 AM UTC

Scan engine:
Clam AntiVirus

Detection:
Trojan.Banload-1361

Engine version:
0.98/18355

File size:
3 MB (3,185,166 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\wrar420br.exe

File PE Metadata
Compilation timestamp:
5/2/2012 5:09:11 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:9XWVVF0sO9CZBXm5ukcnK81d7pMe7XdB/TZ:JG5BXCukcKk7NB/TZ

Entry address:
0xAA07

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, 9E, 2C, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, 1C, A6, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 24, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 24, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 5F, AB, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 1C, 22, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 20, 22, 41, 00, 8D, 45, E4...

Code size:
67 KB (68,608 bytes)

The file wrar420br.exe has been seen being distributed by the following 32 URLs.
