SHA256: 9156ffadd31532aeeb456e75b6d757a54915ad6d2a7c37c1b11c1a92c0b5c5a9
File name: winrar.exe
Detection ratio: 12 / 53
Analysis date: 2014-08-02 15:05:31 UTC ( 4 years, 7 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20140802
AVG Crypt3.AHXV 20140802
CMC Packed.Win32.FakeAV-Crypter.6!O 20140731
ESET-NOD32 a variant of Win32/Kryptik.CHZL 20140802
Kaspersky Trojan-Spy.Win32.Zbot.trng 20140802
Malwarebytes Trojan.Ransom.ED 20140802
McAfee Artemis!D8D6C8EA6B42 20140802
McAfee-GW-Edition Artemis!D8D6C8EA6B42 20140802
Microsoft PWS:Win32/Zbot 20140802
Sophos AV Mal/Generic-S 20140802
Symantec Suspicious.Cloud.5 20140802
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20140802
Ad-Aware 20140802
AegisLab 20140802
Yandex 20140802
AhnLab-V3 20140802
AntiVir 20140802
Antiy-AVL 20140802
AVware 20140802
Baidu-International 20140802
BitDefender 20140802
Bkav 20140802
ByteHero 20140802
CAT-QuickHeal 20140802
ClamAV 20140802
Commtouch 20140802
Comodo 20140802
DrWeb 20140802
Emsisoft 20140802
F-Prot 20140802
F-Secure 20140802
Fortinet 20140802
GData 20140802
Ikarus 20140802
Jiangmin 20140802
K7AntiVirus 20140801
K7GW 20140801
Kingsoft 20140802
eScan 20140802
NANO-Antivirus 20140802
Norman 20140802
nProtect 20140801
Panda 20140802
Qihoo-360 20140802
Rising 20140802
SUPERAntiSpyware 20140802
TheHacker 20140801
TotalDefense 20140802
TrendMicro 20140802
TrendMicro-HouseCall 20140802
VBA32 20140801
VIPRE 20140802
ViRobot 20140802
Zoner 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-01 10:21:10
Entry Point 0x000058C1
Number of sections 5
PE sections
PE imports
GetTokenInformation
RegOpenKeyW
OpenProcessToken
ImageList_GetIcon
GetSaveFileNameA
GetTextMetricsW
SaveDC
GetPaletteEntries
EnumFontsA
GetDeviceCaps
DeleteDC
SetBkMode
BitBlt
RealizePalette
FillRgn
GetDCBrushColor
CreateEllipticRgn
CreatePalette
GetStockObject
SetViewportOrgEx
SelectPalette
SelectClipRgn
CreateCompatibleDC
CreateRectRgn
SelectObject
AddFontResourceExW
CreateSolidBrush
BeginPath
DeleteObject
GetStdHandle
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
OpenFileMappingA
FreeEnvironmentStringsW
lstrcatW
SetStdHandle
GetFileTime
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
TlsGetValue
GetEnvironmentVariableW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
HeapSetInformation
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
SearchPathW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetStartupInfoW
GlobalLock
GetProcessHeap
lstrcpyW
GetFileInformationByHandle
lstrcpyA
CreateFileMappingA
GetProcAddress
LocalSize
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
LoadTypeLib
UnRegisterTypeLib
PathFileExistsW
UrlUnescapeA
EmptyClipboard
GetParent
UpdateWindow
BeginPaint
FindWindowA
GetClipboardData
MessageBoxW
GetWindowRect
EndPaint
SetDlgItemTextA
MoveWindow
GetDlgItemTextA
MessageBoxA
GetWindowDC
GetDC
ReleaseDC
SetWindowTextA
CheckMenuItem
DestroyIcon
LoadStringA
SetClipboardData
IsWindowVisible
GetWindowPlacement
SendMessageA
GetDlgItem
InvalidateRect
IsClipboardFormatAvailable
OpenClipboard
ValidateRect
GetSystemMenu
CloseClipboard
PtInRect
DestroyWindow
Direct3DCreate9
GdiplusShutdown
GdiplusStartup
CoUnmarshalInterface
CreateStreamOnHGlobal
OleUninitialize
CoGetInterfaceAndReleaseStream
OleInitialize
Number of PE resources by type
RT_DIALOG 4
Struct(240) 3
RT_MENU 2
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:08:01 11:21:10+01:00
FileType Win32 EXE
PEType PE32
CodeSize 88064
LinkerVersion 10.0
FileAccessDate 2014:12:01 00:35:01+01:00
EntryPoint 0x58c1
InitializedDataSize 203264
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
FileCreateDate 2014:12:01 00:35:01+01:00
UninitializedDataSize 0
File identification
MD5 d8d6c8ea6b4238a6eb8cf7250d88e642
SHA1 eedb1a553f2491cdba7324debbd9fc97c2f02c04
SHA256 9156ffadd31532aeeb456e75b6d757a54915ad6d2a7c37c1b11c1a92c0b5c5a9
ssdeep 6144:xB9ygcHXB8ZNZWuEpOcBySKjKeFGG77gkujIoZ3dtp6k:xBIggXB8ZNZwcccKuGG7skRoNpD
authentihash 961361bef76b7d4622ef036f8c0bd48682d47e760f5ba406e515c40888ff1800
imphash b4bebdf47109a658b350048ff953226d
File size 285.5 KB ( 292352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-08-02 15:05:31 UTC ( 4 years, 7 months ago )
Last submission 2014-11-30 23:34:44 UTC ( 4 years, 3 months ago )
File names winrar.exe
d8d6c8ea6b4238a6eb8cf7250d88e642
d8d6c8ea6b4238a6eb8cf7250d88e642_INF3958.tmp
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.