» wrar521b1ar.exe
Overview
Analysis
File Details
Downloads (86)

wrar521b1ar.exe

win.rar GmbH

This is a setup program which is used to install the application. The file has been seen being downloaded from www.bulkstockupdate.com and multiple other hosts.

File name:

wrar521b1ar.exe

Publisher:

win.rar GmbH (signed and verified)

MD5:

ff1e4b5c788de2daa76263b16b9d8c7f

SHA-1:

239fa2f096e402ea1284a0e24ea0ddbbd1204b54

SHA-256:

a0e8ae803cc40ff115113370358a96d097650c3ba237b9f880ccb9cb2e7c6faa

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/24/2024 2:37:54 AM UTC (today)

File size:

1.7 MB (1,808,256 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\wrar521b1ar.exe

Digital Signature

Signed by:

win.rar GmbH

Authority:

COMODO CA Limited

Valid from:

6/13/2013 2:00:00 AM

Valid to:

6/14/2015 1:59:59 AM

Subject:

CN=win.rar GmbH, O=win.rar GmbH, STREET=Schumannstr. 17, L=Berlin, S=Berlin, PostalCode=10117, C=DE

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

75953FA54DD12DD9CA6B948C17BFD67C

File PE Metadata

Compilation timestamp:

1/9/2015 9:17:55 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

49152:fQB4VdKMoI6XESwwQ/0dx5zw8DwvfVj+dfE4l:YBcRSww/5z/CfVj+dfN

Entry address:

0x1D05B

Entry point:

E8, 86, 63, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 82, FC, FF, FF, C7, 06, F8, B1, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, F8, B1, 42, 00, E9, 37, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, F8, B1, 42, 00, E8, 24, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 52, CA, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08... 
[+]

Entropy:

7.9527 (probably packed)

Code size:

160.5 KB (164,352 bytes)

The file wrar521b1ar.exe has been seen being distributed by the following 50 URLs.

http://www.bulkstockupdate.com/c?x=rVYw1bwsEc6aZOA8/6PIh4UTgxK 7Xq/g3018DTdhmk=&c=5Pwijdd0QCYYume7R/.../NDSzxbkOwo3IPh1k cVlFw&downloadAs=TomsInstaller.exe

http://www.packagesafenew.com/c?x=LuA/E9YJobvVyStDAMLhPPUvZj0n2Vre908CNzG1zes=&c=Tv6fNhnNoRza8egzPbI/O9G1ckIsFHJS52WmZ/CClqKwPjXr 7hilkEjwQmKcdj8DvGnHzLb6o6NsDop0PFPkvdDkUSAEC6kS8mVEZ4xQzdriNS8vCVJ54fsV0cV0aTzX9IHpb2anghOxFe9/5VFxw==&downloadAs=TomsInstaller.exe&fallback_url=http://www.rarlab.com/.../wrar521b1ar.exe

http://www.packagesafenew.com/c?x=DZOEf12JZRhlTNRtOurVBgYOYQvJ1yN3bpZrrKcTQwQ=&c=0mWktbOlt2F8NbBMUJewLJVux7ewC6VkfzJI117uQQ0Fc/f0hajYONjtNh07QrK7d4koIdKoHrFSyUjOk9xAaD9VpJ9PaRjQDphnPqIzsXrBsD6xtsEE0pn3ckSLv/yh&downloadAs=TomsInstaller.exe&fallback_url=http://www.rarlab.com/.../wrar521b1ar.exe

http://www.tomsguidebestgift.com/c?x=42/obtjr7FY44lyvdO9ltPlTmF9lFxQ qEkE25FfOrI=&c=LQMNgXSvnM4wDy0IjvpLXLTrUe0hJe4Fc IBrejDPBX7nQhjqaOMMcavuEOW9wojG6D7crnr6ADgYzgUcf0YGSYyxUXJIzvL9eOaoUx42JSSJQX27nBPj9LoFXB9uxWu3cK3jwDqyqxLvPqN0keFk5Bgm4CmaBj9VxRZb49X7UA=&downloadAs=TomsInstaller.exe&fallback_url=http://www.rarlab.com/.../wrar521b1ar.exe

http://www.bulkstockupdate.com/c?x=CVqgDaaIBIqeAWYd3LMoyuThMx5qF/.../ UT OrtM=&c=jIad30ixGSlc1eaiIFIztttKVJYHR0Olhr 8ZzkkuVJ3652PiBUJ4ja3IqFK5XdKPKSDq0rsmnnP537rgkO3DtkfdWhxVK2j9igtYkKoyuJzwMDmqh2j3i6xN20AzxIy&downloadAs=TomsInstaller.exe

http://www.bitssigncurrent.com/.../b3TCcFhWD8Tuk2rjuCH8lEwl28Dt4QQNg3RONHEhU2KQn8&downloadAs=TomsInstaller.exe

http://www.bulkstockupdate.com/c?x=ktbvoTsGOo2QrWJ6xuOofGmbxFAddBdKgudApT4xvrU=&c=UwQdqyioiFsDCxdu5cQuw3GlORkbxDmtIiyTvrGwl66h YdthAy0QOJsJn6OdqfwZJaXQuEfpAp7oQRVJOFUVXDSWJ4Ldrpb6YFVTRdDPqpEx 5OoxqUiEqN48LvadrW&downloadAs=TomsInstaller.exe

temp:wrar521b1ar.exe

http://cdn.tomsguidefiles.com/c?x=vFaoBRwJ/QpLmLfKOGlw8o4v3rKJZECzakRxpv E QU=&c=7HDG9F7mndaRVpTzN KLw4lDWNTosX5RssmveNBmaj9HBaOOgaUDTMDrxf5dj3S2dTRlxdDFoyK2ILMVFVwImqeczEOBiBx8H1GvAj9QFw/AYJhtlqEA6J4OldAqmlC6&fallback_url=http://www.rarlab.com/.../wrar521b1ar.exe&downloadAs=TomsInstaller.exe

http://cdn.tomsguidefiles.com/c?x=AVNlLTHaVPEA475imHN9YY2lE0LmZH14FJjVImQb lo=&c=9EfRq8XTLo5TTvYQMUworeLCxBzkpGzd/cLL1/olvf96fruSkQvWmLr97Wbzvzo2K94IPJS3IKENaAfHjtHw2w==&downloadAs=TomsInstaller.exe&fallback_url=http://www.rarlab.com/.../wrar521b1ar.exe

http://www.centerheartranch.com/c?x=ZYs1FQEG4O8RFVV jCTLdRH33gTC/J5 lnpws3WnPu8=&c=DkJvPS0KpdHEyHMqgfmK51WMSXgFIPniNjvuRJH/HEYOeg6/.../znnrVQgN&downloadAs=TomsInstaller.exe

http://www.packagesafenew.com/WVl6OTRQV1ZpY1RWWGVHbEJjemx5Tm5SS1MyVndOblZLVlhCS0pUSkNiV2hCYkdsR2JEZGFSM00yVEdrMWR6RXlZeVV6UkNaalBYTkhSbmRWWVhZM2RtUlZRakJOZDNWU1l6Rm5UMXBrU25oc1MxVnBZMFJ6TUd4VU4wNTBRM05pUkRaMldqUlpjRTV2ZDJFeVJXTTBXbXBNWnpOU09GQWxNa0kyUlVGdVduWjZPVWR5VlVaVVUyRkRSelZqWTNjMFFtZEplWEJFVVUxTmEzUklSbUpMVjNCR2FrOVFkMkl6TkZWWFprMUpPRUpIU21aREpUSkdTRkpJYVZwTE9VZE5UVWhUU0VFd1JHbFBNRUo1ZG1SQmFrVlpRVE5hUzNkTllqWjBkMnRPYW05T09IRkpVRTBsTTBRbVpHOTNibXh2WVdSQmN6MVViMjF6U1c1emRHRnNiR1Z5TG1WNFpTWm1ZV3hzWW1GamExOTFjbXc5YUhSMGNDVXpRU1V5UmlVeVJuZDNkeTV5WVhKc1lXSXVZMjl0SlRKR2NtRnlKVEpHZDNKaGNqVXlNV0l4WVhJdVpYaGw=

http://www.bulkstockupdate.com/c?x=h24ks8KMofIoz9zAZ 8elQ2lICMEiiuFT1/0aYdbYaw=&c=0KYTyvfOdPKrzMmfBRFbdflEfW8tgBUOVFSD8qcLdtACV8owBFNE e tp6jOi3WQqmCd vAKO0dnJKXX0tzbfXxZUqCZNIdw8HIvC1J44S3F51/.../PifTnXsoSVX&downloadAs=TomsInstaller.exe

http://www.packagesafenew.com/c?x=qo8yUGyx4EWeKDgrY2ijfYdj3JsWJa6HQueYydsHMXA=&c=pkypyxMB bhpglCyBCex6bJCKfznMkXC0 wpZZUNq/q578yHgLagwpMBJij8XLMJRAF7YEwHIYkXD46FgQZEDGhJ1AyJlGiPbrnzLS2X1I9m6IJD92tGjETwg4lHBj3HXfprU/ DlhoN26uTXPObhg==&downloadAs=TomsInstaller.exe&fallback_url=http://www.rarlab.com/.../wrar521b1ar.exe

http://cdn.tomsguidefiles.com/c?x=S1HRgyq945P7mysSU2LsLr8bjR5klQw281E0T/jkTzA=&c=LCKIOgL fxt7n9dDemNQ09n4cusfuf924 OfX5STGBrVv6VEcIvbNFu wB6oLENtbOzmciqn8X7JHI3lBkKATg==&downloadAs=TomsInstaller.exe&fallback_url=http://www.rarlab.com/.../wrar521b1ar.exe

http://www.bitssigncurrent.com/c?x=onBD/.../ljbXj&downloadAs=TomsInstaller.exe

http://www.packagesafenew.com/c?x=4n6qULqhASiCXfIIq1ucJZof3yZ3T5AB5ZgHdsPbJ8k=&c=1Pf89atgTl/x98S59FbyfXNViQRZYe7W7K3VpSMuF/cXgWRUheXAIQN3dqi9DUs79oH/17fybuuarJomAhyEhfM1LO9Z71lGeiOuAMpaQ6JWwF3a0bq65zB8QRkRCzpGMYMcbBSRjqVNIJAWVutXfQ==&downloadAs=TomsInstaller.exe&fallback_url=http://www.rarlab.com/.../wrar521b1ar.exe

http://www.bytetowergift.com/c?x=/.../ony0PapIDZYJWPD2Vu7kJuAy58tV5ulssKcH0Zc8y5HswdRaMFp20KF1f4DJkpgmLVvIUMXBHN5QWe5PUkCnvbqy4&downloadAs=TomsInstaller.exe&_ga=1.166955134.1169422447.1460809814

http://www.packagesafenew.com/c?x=xgJp/HjtT 35i3kHUUrpy9NkMi2Odl0ZT/l6e6apLV8=&c=r4EHCgSCBzKiz W7qJKEymjvB6pFuKdd01hDmPeOj32CR0l4G omBpvWCIu2Dld8IsuXEsZzlkg/fmrNzLO8GwnSf61vlLYvHWqYlcHoGufFkKaGRBEOXtWEQAKCtAYchpI4wFonWSsw7aGqGe2IR8P3Y6z62ydEBihPTxS/ pM=&downloadAs=TomsInstaller.exe&fallback_url=http://www.rarlab.com/.../wrar521b1ar.exe

http://www.bulkstockupdate.com/c?x=piB0ONtBUY3dzBe78hOGtenOopSsgIdKZ9 snZhjuow=&c=xpfQeKTAHe8fR4Fr5mUP7qadnUhwb7niMwr70v8O/.../MCMMOnt&downloadAs=TomsInstaller.exe

http://www.packagesafenew.com/c?x=AEcis6LK5oUWbvlK8nVZwf/SkF165QSewfEjCIRj3dk=&c=jAcWYMCptz6p858Kdxxgx9F5vQc9HZrFV28l9R0rY82Z//Ob7ejZ//E6jSN7GAcN2R81anwCqk1JPv2xflab3iUoFusBMHsXk2tHx9 RzodugSbhuRDWfvPCDO 9xD0DAwNFjY2aAsu lwEQcR7jQg==&downloadAs=TomsInstaller.exe&fallback_url=http://www.rarlab.com/.../wrar521b1ar.exe

http://www.bitssigncurrent.com/c?x=fUHzdyHabhsfsLfLJ2aBMQAZLUHARybke3m72t4 /jE=&c=q/.../e3Hjlk56kuLlJuuFrK6iwb9BLz4uyz64SwZyJkJCgNm SWPLxBC4pKKaGo2VVaseabAvHu9YhXJg8L0kN4fvmIhfewn4P&downloadAs=TomsInstaller.exe

http://cdn.tomsguidefiles.com/c?x=Aa7cQ6HgpGTLygu/W9ne4jzer1ebvesxqTCbk8BfNGA=&c=dkiuzva6cF4XS94EL65fyJYThKaQCAocSfbIZdGKqkUlQj uWJqBh1ajQTp 3twMMuhwwpUZ9z/e0BayQSZsfmSROvQMsL VwL9tSgxBD W1OQ3QWdsdsYBC6Yc72qyO&fallback_url=http://www.rarlab.com/.../wrar521b1ar.exe&downloadAs=TomsInstaller.exe

http://www.applicationdownloadhosting.com/c?x=PChYipvrsedjjmydl3BI6Vf0UDl7H5veiqfCmAjCFu4=&c=fGpyl/lx1/48U97NAG1SbfsUVq R0GUrBOKn6NIyu6l2qMI6LA1P4t0Cv3DpKt9ku7ys JCKMbsvQHaob43 zQuFK0b7XQrIYeGIMDOOJbvmYl/.../f9bT7KUq&downloadAs=TomsInstaller.exe

http://www.bulkstockupdate.com/c?x=83e2i CRd ORFxTepUVdF0JK1fbroNznpOv9gmER0so=&c=J4qKm49TnQNql34gFq5eMF1pCf7nbSi/.../4PCOFCftaViLiJfVCXpJLskYlski9IjC7rDpjI095F8&downloadAs=TomsInstaller.exe

http://www.bitssigncurrent.com/.../aUuZtoMqGnhqBQNKcb3Ebdotib G9dmmOxf4&downloadAs=TomsInstaller.exe

http://www.packagesafenew.com/c?x= UqAkRCv0xlFZ6gmsbL/Qyl7t60E8sZjTNkZSL3MCUg=&c=D48ClsUeRKaM5EC3 L8T5IWZErJ/CKscHq/Iodcl054v8dWgAYHquBvEmMe3FzBOeRodaw6VXUywP73YariyAlqRNw34himA39gZeU2Sy rlm2AGRB2vNsR0 /2JynnAOdqErNXyPkPzyCzVX0ptMQ==&downloadAs=TomsInstaller.exe&fallback_url=http://www.rarlab.com/.../wrar521b1ar.exe

http://www.packagesafenew.com/c?x=6ZrYPelEyNcfT5ebLq9 wh9zzUyKCxDJ80HsFGQUfkY=&c=yGPz4v3Idj8UJfrRQ41hZgGP1MbD2u/GGzB KQiaymPRg79a39pArKEb3HpgRqZwtPXJOjOZyrr5rs UUdQMH1YKiVcCZYz4WxgjD1zzkNKVubZ8H/BFiP2951J6BDPEePpsWhX5YqDtVHzYPObTAg==&downloadAs=TomsInstaller.exe&fallback_url=http://www.rarlab.com/.../wrar521b1ar.exe

http://cdn.tomsguidefiles.com/c?x=sQBfTexoLu1LxuGAhImFAeZRcLCywozfZJZbrolA D4=&c=4NpJBvsAZbliuWh6mYQ0PjWj4AzkjUcOEFC0fvrGYC4ilVMOTH7R4DAfD3UKb4d2PAEnznq4OC 1ejV9DAT0RZDsJ4bGSdZxxfHn2GcTW9Vfj7kppZfXv2XzryQqpI7fley6FiOn0Z0q7aZf44Sp6g==&fallback_url=http://www.rarlab.com/.../wrar521b1ar.exe&downloadAs=TomsInstaller.exe

http://www.bulkstockupdate.com/c?x=wj7kKegFokgS7LwzPXfZwnV9eFCHIQA7RUDurTguuvY=&c=g6H 9L9ZunycaI8iOOCwlmro3ZleXoRagUnCc1CpNQKPdLpasxRDu82xNU9D2h9xgnq471Tma0SP93Mj64CVdiATyn4YTPHAT1AoqM7HGrNppavC0Gg95FFDcDlirLSR&downloadAs=TomsInstaller.exe

Latest 30 of 86 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.