SHA256: 9f3c7d1f02d237be979b840cd450489e41a39b088763c95c828378b5de262164
File name: wrar561tr.exe
Detection ratio: 0 / 70
Analysis date: 2019-02-11 11:15:18 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis 20190208
Ad-Aware 20190211
AegisLab 20190211
AhnLab-V3 20190211
Alibaba 20180921
ALYac 20190211
Antiy-AVL 20190211
Arcabit 20190211
Avast 20190211
Avast-Mobile 20190211
AVG 20190211
Avira (no cloud) 20190211
Babable 20180918
Baidu 20190202
BitDefender 20190211
Bkav 20190201
CAT-QuickHeal 20190210
ClamAV 20190211
CMC 20190211
Comodo 20190211
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190211
Cyren 20190211
DrWeb 20190211
eGambit 20190211
Emsisoft 20190211
Endgame 20181108
ESET-NOD32 20190211
F-Prot 20190211
F-Secure 20190211
Fortinet 20190211
GData 20190211
Ikarus 20190211
Sophos ML 20181128
Jiangmin 20190211
K7AntiVirus 20190211
K7GW 20190211
Kaspersky 20190211
Kingsoft 20190211
Malwarebytes 20190211
MAX 20190211
McAfee 20190211
McAfee-GW-Edition 20190211
Microsoft 20190211
eScan 20190211
NANO-Antivirus 20190211
Palo Alto Networks (Known Signatures) 20190211
Panda 20190210
Qihoo-360 20190211
Rising 20190211
SentinelOne (Static ML) 20190203
Sophos AV 20190211
SUPERAntiSpyware 20190206
Symantec 20190211
Symantec Mobile Insight 20190207
TACHYON 20190211
Tencent 20190211
TheHacker 20190203
TotalDefense 20190210
Trapmine 20190123
TrendMicro 20190211
TrendMicro-HouseCall 20190211
Trustlook 20190211
VBA32 20190211
ViRobot 20190211
Webroot 20190211
Yandex 20190210
Zillya 20190208
ZoneAlarm by Check Point 20190211
Zoner 20190211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © Alexander Roshal 1993-2018

Product WinRAR
Original name WinRAR.exe
Internal name WinRAR
File version 5.61.0
Description WinRAR archiver
Signature verification Signed file, verified signature
Signing date 7:42 AM 10/2/2018
Signers
[+] win.rar GmbH
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 11:00 PM 06/01/2017
Valid to 10:59 PM 06/01/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint CA0CE78818E27A35FA76F8857A1A163EF3679729
Serial number 52 9E 3F 9F CF 7D 58 D5 20 D6 07 AB 74 39 50 02
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 11:00 PM 10/17/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-30 18:01:57
Entry Point 0x0001CEA9
Number of sections 6
PE sections
Overlays
MD5 69649357f667bd1cc5c633aad8a160a9
File type audio/mpeg
Offset 401408
Size 2615624
Entropy 8.00
PE imports
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
FindNextFileA
EncodePointer
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
SetFilePointerEx
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
InitializeCriticalSection
LoadResource
AllocConsole
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
QueryPerformanceFrequency
LoadLibraryExA
SetThreadPriority
FindClose
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
FoldStringW
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
CreateSemaphoreW
IsProcessorFeaturePresent
TzSpecificLocalTimeToSystemTime
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
DecodePointer
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
CompareStringW
GetModuleFileNameW
ExpandEnvironmentStringsW
FindFirstFileExA
FindNextFileW
ResetEvent
FreeConsole
FindFirstFileW
GlobalLock
SetEvent
GetTempPathW
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
AttachConsole
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GlobalFree
GetConsoleCP
GetTimeFormatW
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
VirtualQuery
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
FindResourceW
Sleep
GetOEMCP
CreateHardLinkW
GdiplusShutdown
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipAlloc
GdipFree
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
Number of PE resources by type
RT_STRING 9
RT_ICON 7
RT_DIALOG 4
PNG 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 25
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 14.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.61.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription WinRAR archiver
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 339968
EntryPoint 0x1cea9
OriginalFileName WinRAR.exe
MIMEType application/octet-stream
LegalCopyright Copyright Alexander Roshal 1993-2018
FileVersion 5.61.0
TimeStamp 2018:09:30 20:01:57+02:00
FileType Win32 EXE
PEType PE32
InternalName WinRAR
ProductVersion 5.61.0
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Alexander Roshal
CodeSize 189440
ProductName WinRAR
ProductVersionNumber 5.61.0.0
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
PE resource-wise parents
File identification
MD5 1141eba8de68928e132756a7d7f097cf
SHA1 d2bc14f1887822b76c29fa0fd834f8732a2686bf
SHA256 9f3c7d1f02d237be979b840cd450489e41a39b088763c95c828378b5de262164
ssdeep
49152:YxfBfJXAEW3/VzmODREGbQtdpVPrA+MDLVn0/edKZCSJUNXAqej5a27kXs4R8/b:kBfKEcpPDREqOTrA+MDLWZVJUNXJesWT

authentihash 1a72b47533df4c3d095b68acbc3292d5ea30c74f1589b55ca66b7f6c117f54e5
imphash 00be6e6c4f9e287672c8301b72bdabf3
File size 2.9 MB ( 3017032 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-10-02 18:00:28 UTC ( 5 months, 3 weeks ago )
Last submission 2019-02-11 11:15:18 UTC ( 1 month, 1 week ago )
File names wrar561tr.exe
wrar561tr.exe
wrar561tr.exe
wrar561tr (1).exe
wrar561tr.exe
20190110210900461455.exe
20190105022835809233.exe
WinRAR.exe
WinRAR
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs