SHA256: 65bc20121baa2605330c8de962a81a0fa4f114096f9db4be6208c16902cfedc4
File name: a0c29024af6001db6eb8b0858f0fff7f
Detection ratio: 38 / 54
Analysis date: 2014-07-30 10:31:53 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.34563 20140730
AhnLab-V3 Spyware/Win32.Zbot 20140729
AntiVir TR/Obfuscate.EK.170 20140730
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140730
Avast Win32:Malware-gen 20140730
AVG SHeur4.BYFI 20140730
AVware Trojan.Win32.Generic!BT 20140730
Baidu-International Trojan.Win32.Asprotect.bCO 20140730
BitDefender Gen:Variant.Symmi.34563 20140730
Bkav HW32.CDB.7ac1 20140728
CAT-QuickHeal TrojanSpy.Zbot.ra 20140730
Comodo UnclassifiedMalware 20140730
Emsisoft Gen:Variant.Symmi.34563 (B) 20140730
ESET-NOD32 a variant of Win32/Packed.Asprotect.CO 20140730
F-Secure Gen:Variant.Symmi.34563 20140730
Fortinet W32/Zbot.TLKG!tr 20140730
GData Gen:Variant.Symmi.34563 20140730
Ikarus Trojan-Spy.Win32.Zbot 20140730
K7AntiVirus Trojan ( 0048dc581 ) 20140728
K7GW Trojan ( 0048dc581 ) 20140728
Kaspersky Trojan-Spy.Win32.Zbot.tlkg 20140730
Malwarebytes Trojan.Agent.ED 20140730
McAfee RDN/Generic PWS.y!b2g 20140730
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.C 20140729
Microsoft VirTool:Win32/Obfuscator.EK 20140730
eScan Gen:Variant.Symmi.34563 20140730
NANO-Antivirus Trojan.Win32.Zbot.dceoml 20140730
Panda Trj/CI.A 20140730
Qihoo-360 Win32/Trojan.f5f 20140730
Rising PE:Trojan.Win32.Generic.15F4B554!368358740 20140730
Sophos Mal/Generic-S 20140730
Symantec WS.Reputation.1 20140730
Tencent Win32.Trojan-spy.Zbot.Lmak 20140730
TrendMicro TROJ_GEN.R0CBC0PGC14 20140730
TrendMicro-HouseCall TROJ_GEN.R0CBC0PGC14 20140730
VBA32 TrojanSpy.Zbot 20140729
VIPRE Trojan.Win32.Generic!BT 20140730
ViRobot Trojan.Win32.S.Zbot.422400 20140730
AegisLab 20140730
Yandex 20140729
ByteHero 20140730
ClamAV 20140730
CMC 20140728
Commtouch 20140730
DrWeb 20140730
F-Prot 20140730
Jiangmin 20140725
Kingsoft 20140730
Norman 20140730
nProtect 20140729
SUPERAntiSpyware 20140730
TheHacker 20140728
TotalDefense 20140730
Zoner 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © Alexander Roshal 1993-2013
Publisher Alexander Roshal
Product WinRAR
Original name WinRAR.exe
Internal name WinRAR
File version 5.0.0
Description WinRAR archiver
Packers identified
F-PROT Aspack
PEiD ASProtect v1.23 RC1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-22 13:00:50
Entry Point 0x00001000
Number of sections 10
PE sections
PE imports
RegQueryValueExA
InitCommonControlsEx
ImageList_SetIconSize
UnrealizeObject
GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
SysFreeString
SafeArrayPtrOfIndex
VariantChangeTypeEx
SHAutoComplete
GetKeyboardType
VerQueryValueA
Number of PE resources by type
RT_STRING 15
RT_CURSOR 7
RT_VERSION 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 26
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 29696
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright Alexander Roshal 1993-2013
FileVersion 5.0.0
TimeStamp 2013:08:22 13:00:50+00:00
FileType Win32 EXE
PEType PE32
InternalName WinRAR
FileAccessDate 2014:07:12 06:21:35+00:00
ProductVersion 5.0.0
FileDescription WinRAR archiver
OSVersion 4.0
FileCreateDate 2014:07:12 06:21:35+00:00
OriginalFilename WinRAR.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Alexander Roshal
CodeSize 161280
ProductName WinRAR
ProductVersionNumber 5.0.0.0
EntryPoint 0x1000
ObjectFileType Executable application

File identification
MD5 a0c29024af6001db6eb8b0858f0fff7f
SHA1 ae61a51deb4d5d61d9b95ca57d670c99a6ab2aa2
SHA256 65bc20121baa2605330c8de962a81a0fa4f114096f9db4be6208c16902cfedc4
ssdeep 12288:ik8lsFk9QZRSE0aoCqalqDxTkCQuT5K5EmY:MsZZgEjoCqalqDxdKA
imphash 9deb042eac106016ccf1962df63ee390
File size 412.5 KB ( 422400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe asprotect aspack
VirusTotal metadata
First submission 2014-07-12 06:20:54 UTC ( 2 years, 11 months ago )
Last submission 2014-07-30 10:31:53 UTC ( 2 years, 11 months ago )
File names WinRAR.exe
WinRAR
a0c29024af6001db6eb8b0858f0fff7f
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections