SHA256: 47c45478f852428c302d388c9cbb2afd2508d563987ce005d1403dd12646188f
File name: 22bc7d07c96ecb2782b0440f75752deb
Detection ratio: 5 / 55
Analysis date: 2015-07-24 13:04:12 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Baidu-International Adware.Win32.iBryte.DRDI 20150724
Cyren W32/Agent.XL.gen!Eldorado 20150724
ESET-NOD32 a variant of Win32/Kryptik.DRDI 20150724
F-Prot W32/Agent.XL.gen!Eldorado 20150724
Malwarebytes Backdoor.Bot 20150724
Ad-Aware 20150724
AegisLab 20150724
Yandex 20150723
AhnLab-V3 20150723
Alibaba 20150724
ALYac 20150724
Antiy-AVL 20150724
Arcabit 20150724
Avast 20150724
AVG 20150724
Avira (no cloud) 20150724
AVware 20150724
BitDefender 20150724
Bkav 20150724
ByteHero 20150724
CAT-QuickHeal 20150724
ClamAV 20150724
Comodo 20150724
DrWeb 20150724
Emsisoft 20150724
F-Secure 20150724
Fortinet 20150724
GData 20150724
Ikarus 20150724
Jiangmin 20150723
K7AntiVirus 20150724
K7GW 20150724
Kaspersky 20150724
Kingsoft 20150724
McAfee 20150724
McAfee-GW-Edition 20150724
Microsoft 20150724
eScan 20150724
NANO-Antivirus 20150724
nProtect 20150723
Panda 20150724
Qihoo-360 20150724
Rising 20150722
Sophos AV 20150724
SUPERAntiSpyware 20150724
Symantec 20150724
Tencent 20150724
TheHacker 20150723
TrendMicro 20150724
TrendMicro-HouseCall 20150724
VBA32 20150723
VIPRE 20150724
ViRobot 20150724
Zillya 20150724
Zoner 20150724
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Alexander Roshal 1993-2013

Publisher Alexander Roshal
Product WinRAR
Original name WinRAR.exe
Internal name WinRAR
File version 5.1.0
Description WinRAR archiver
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-24 06:51:37
Entry Point 0x000072C4
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegEnumKeyA
RegOpenKeyExW
CreatePatternBrush
MoveToEx
DeleteDC
CloseFigure
SetDCPenColor
PatBlt
OffsetRgn
PlayEnhMetaFile
GetGlyphIndicesW
CreateFontIndirectA
GetTextColor
FillRgn
GetObjectW
SetMiterLimit
Ellipse
GetStdHandle
FileTimeToDosDateTime
FreeEnvironmentStringsA
DisconnectNamedPipe
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
IsProcessInJob
SetHandleCount
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
OutputDebugStringW
GlobalCompact
InterlockedDecrement
SetFileAttributesW
QueueUserWorkItem
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
LoadLibraryExA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
CreateMutexA
DeleteCriticalSection
GetExitCodeThread
SetUnhandledExceptionFilter
TerminateProcess
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetCommBreak
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetProcessIoCounters
GetFileSize
GlobalLock
VirtualProtectEx
CreateFileMappingW
AssignProcessToJobObject
FreeEnvironmentStringsW
FindNextFileW
GetProcAddress
GetProcessAffinityMask
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
lstrcpynW
RaiseException
TlsFree
GetModuleHandleA
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
IsBadCodePtr
OpenSemaphoreW
VirtualAlloc
DragAcceptFiles
ShellExecuteW
SHGetFolderPathA
CharNextExA
GetClipboardFormatNameA
DefFrameProcW
TrackPopupMenu
PaintDesktop
PostMessageA
DefDlgProcA
SystemParametersInfoW
SetClassLongW
GetDlgItemTextA
DeferWindowPos
GetParent
LoadCursorW
GetWindowLongW
FindWindowA
TrackPopupMenuEx
LoadBitmapA
InvalidateRect
OpenPrinterW
OleGetClipboard
OleCreateMenuDescriptor
OleFlushClipboard
Number of PE resources by type
RT_STRING 19
RT_ICON 6
Struct(1338) 1
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 28
NEUTRAL 3
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 141824
EntryPoint 0x72c4
OriginalFileName WinRAR.exe
MIMEType application/octet-stream
LegalCopyright Copyright Alexander Roshal 1993-2013
FileVersion 5.1.0
TimeStamp 2015:07:24 07:51:37+01:00
FileType Win32 EXE
PEType PE32
InternalName WinRAR
ProductVersion 5.1.0
FileDescription WinRAR archiver
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Alexander Roshal
CodeSize 66560
ProductName WinRAR
ProductVersionNumber 5.1.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 22bc7d07c96ecb2782b0440f75752deb
SHA1 2c0ee666ee2162f3cdc22171599041f99f364e90
SHA256 47c45478f852428c302d388c9cbb2afd2508d563987ce005d1403dd12646188f
ssdeep 3072:kQ5YsjVlANICshb+HVhh9iV5w0DSwWmDSC/uY5EkFx48:kQOsnANICHVh4DS0DSVY5548
authentihash be15ac0fc87bac7fb2bf7cf19a12c2e91df538164f144a58b9567e65a95ec8a1
imphash 42d28d5c9fd87348ec98476fb50cf64a
File size 204.5 KB ( 209408 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-07-24 13:04:12 UTC ( 3 years, 9 months ago )
Last submission 2015-07-24 13:04:12 UTC ( 3 years, 9 months ago )
File names WinRAR.exe
WinRAR
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs