» wrar531.exe
Overview
Analysis
File Details
Downloads (1)

wrar531.exe

The executable wrar531.exe has been detected as malware by 5 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from winrar.sv.softonic.com.

File name:

wrar531.exe

MD5:

ece0b1c7b9a1372b69634f1701049cce

SHA-1:

f87fc62175b7eb71293f435084435d29a05d470f

SHA-256:

7a4eb5a2fdcb22f01ec3902e27df57ed4ec75e3d32d5508576a027c6c904d6f2

Scanner detections:

5 / 68

Status:

Malware

Analysis date:

11/23/2024 7:49:18 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Valla

160518-2

ESET NOD32

Win32/Xorala.A virus

8.0.319.0

F-Prot

W32/Harmony.A

4.6.5.141

Microsoft Security Essentials

Threat.Undefined

1.223.2587.0

Norman

Win32.Valhalla.2048

19.05.2016 01:04:49

File size:

1.8 MB (1,844,224 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\wrar531.exe

File PE Metadata

Compilation timestamp:

2/3/2016 8:38:36 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

49152:SI8JmvPav5tq8HBcxDzNBBjJcLN247+GUKm7cj:SI8Uav5xHBEBjJcLT7lUKhj

Entry address:

0x61000

Entry point:

50, 50, 53, 51, 52, 56, 57, FC, E8, 00, 00, 00, 00, 5F, 81, EF, 0D, 00, 00, 00, 8B, 87, D0, 05, 00, 00, 89, 87, CC, 05, 00, 00, 8B, 74, 24, 1C, 81, E6, 00, F0, FF, FF, 66, 81, 3E, 4D, 5A, 74, 08, 81, EE, 00, 10, 00, 00, EB, F1, 89, B7, C4, 05, 00, 00, 8B, 76, 3C, 03, B7, C4, 05, 00, 00, 66, 81, 3E, 50, 45, 0F, 85, C5, 00, 00, 00, 8B, 46, 78, 03, 87, C4, 05, 00, 00, 89, 87, C8, 05, 00, 00, 8D, B7, D4, 05, 00, 00, 8D, 76, 04, E8, 54, 00, 00, 00, 89, 46, FC, 46, 80, 3E, 00, 75, FA, 46, 80, 7E, 04, 00, 75, E8... 
[+]

Code size:

164.5 KB (168,448 bytes)

The file wrar531.exe has been seen being distributed by the following URL.

http://winrar.sv.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmqONo6Wglpo=

Remove wrar531.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.