SHA256: 822717b5b6f858ee0d00157e0b79368d88f6822684008ceaaac4a89b755f2e5f
File name: winrar-x64-411.exe
Detection ratio: 0 / 67
Analysis date: 2017-11-21 14:14:49 UTC ( 2 weeks, 5 days ago )
Antivirus Result Update
Ad-Aware 20171121
AegisLab 20171121
AhnLab-V3 20171121
Alibaba 20170911
ALYac 20171121
Antiy-AVL 20171121
Arcabit 20171121
Avast 20171121
Avast-Mobile 20171121
AVG 20171121
Avira (no cloud) 20171121
AVware 20171121
Baidu 20171121
BitDefender 20171121
Bkav 20171121
CAT-QuickHeal 20171118
ClamAV 20171121
CMC 20171121
Comodo 20171121
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171121
Cyren 20171121
DrWeb 20171121
eGambit 20171121
Emsisoft 20171121
Endgame 20171024
ESET-NOD32 20171121
F-Prot 20171121
F-Secure 20171121
Fortinet 20171121
GData 20171121
Ikarus 20171121
Sophos ML 20170914
Jiangmin 20171121
K7AntiVirus 20171121
K7GW 20171121
Kaspersky 20171121
Kingsoft 20171121
Malwarebytes 20171121
MAX 20171121
McAfee 20171121
McAfee-GW-Edition 20171121
Microsoft 20171121
eScan 20171121
NANO-Antivirus 20171121
nProtect 20171121
Palo Alto Networks (Known Signatures) 20171121
Panda 20171121
Qihoo-360 20171121
Rising 20171121
SentinelOne (Static ML) 20171113
Sophos AV 20171121
SUPERAntiSpyware 20171121
Symantec 20171121
Symantec Mobile Insight 20171121
Tencent 20171121
TheHacker 20171121
TrendMicro 20171121
TrendMicro-HouseCall 20171121
Trustlook 20171121
VBA32 20171121
VIPRE 20171121
ViRobot 20171121
Webroot 20171121
WhiteArmor 20171104
Yandex 20171120
Zillya 20171121
ZoneAlarm by Check Point 20171121
Zoner 20171121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64bit architectures.
Packers identified
F-PROT maxorder, appended, RAR, Unicode
PE header basic information
Target machine x64
Compilation timestamp 2012-02-17 14:55:33
Entry Point 0x0000D148
Number of sections 6
PE sections
Overlays
MD5 9bcf7893f003df262502cb0e03ce3fc0
File type application/x-rar
Offset 132096
Size 1507693
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
InitCommonControlsEx
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindNextFileA
CompareStringW
HeapAlloc
SystemTimeToFileTime
IsDBCSLeadByte
GetCommandLineW
GetFileAttributesW
FileTimeToLocalFileTime
MoveFileW
OpenFileMappingW
SetFileAttributesA
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
WriteFile
SetFileAttributesW
CloseHandle
WideCharToMultiByte
MapViewOfFile
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
GetFileAttributesA
GetTempPathW
FindFirstFileA
FindFirstFileW
HeapReAlloc
GetModuleHandleW
GetFullPathNameA
FreeLibrary
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
GetFullPathNameW
SetFileTime
CreateFileA
GetTickCount
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
SetFocus
MapWindowPoints
SetWindowLongPtrW
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
CopyRect
GetWindowTextW
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
GetWindowLongW
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
GetWindowLongPtrW
LoadStringW
SetWindowTextW
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
OemToCharA
PeekMessageW
CharUpperA
GetClassNameW
GetClientRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
EnableWindow
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_DIALOG 4
RT_ICON 4
RT_STRING 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
TimeStamp 2012:02:17 15:55:33+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 88064
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 131584
SubsystemVersion 5.2
EntryPoint 0xd148
OSVersion 5.2
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 febf89f8f510dafb0985581aab2a4a77
SHA1 f6290dcda790a6eae9d9793d8c6c17afe5e68a2c
SHA256 822717b5b6f858ee0d00157e0b79368d88f6822684008ceaaac4a89b755f2e5f
ssdeep 49152:+VliRsB9azQjk0ipe0bAKlyB244Mw59nB7UT:+Vli3Hpe/Kkg44MIB7UT
authentihash c98a26c57050f5694fdd34173d49fbf43e5df6faf8ee7456ed8a10578cb91ae7
imphash 573e157e4c9d2cf9c3b68c2ca470a40b
File size 1.6 MB ( 1639789 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly, RAR self-extracting archive
TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags 64bits peexe software-collection assembly overlay
VirusTotal metadata
First submission 2012-02-20 10:56:49 UTC ( 5 years, 9 months ago )
Last submission 2017-11-21 14:14:49 UTC ( 2 weeks, 5 days ago )
File names 822717b5b6f858ee0d00157e0b79368d88f6822684008ceaaac4a89b755f2e5f
MyEgy.Winrar4.11.X64.exe
1360536189-winrar-x64-411.exe
server.exe
WinRAR_4.11_(64-bit)[1].exe
fb71d522-2a7c-9f98-45cf-c94e03fa6a0e_1d27adcd5c1d47b
$RN08VHD.exe_
WinRAR 32Bit.exe
87586b54-af87-4b4b-a4a9-db8439eba18e.exe
MyEgy.WinRAR 4.11.X64.exe
kucf+8qy.exe.part
febf89f8f510dafb0985581aab2a4a77
winrar-x64-411-{0bd219a3-6816-4b70-b816-309726a76389}-v354211.exe
file-3572383_exe
filename
winrar-x64-411.exe
6yuq3tnhsctov2ozpe6yy3axv7s6ncrm.exe
winrar-x64-411 (1).exe
winrar411-x64.exe
download.php
414735.winrar-x64-411.exe
winrar-x64-411.exe
WinRAR 4.1.1 Final x64.exe
winrar411-64.exe
f115158.exe
Software collections
website http://oldapps.com/winrar.php?old_winrar=7302
oldapps http://oldapps.com/winrar.php?old_winrar=7302?download
product WinRAR 4.11 (x64)
developer win.rar GmbH
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight