SHA256: a3b416ef504b466621e9540e86a546bea110e208f2e68de3778997231068bf4e
File name: UnRAR.exe
Detection ratio: 0 / 64
Analysis date: 2017-10-09 12:27:05 UTC ( 2 months ago )
Antivirus Result Update
Ad-Aware 20171009
AegisLab 20171009
AhnLab-V3 20171009
Alibaba 20170911
ALYac 20171009
Antiy-AVL 20171009
Arcabit 20171009
Avast 20171009
Avast-Mobile 20171009
AVG 20171009
Avira (no cloud) 20171009
AVware 20171009
Baidu 20170930
BitDefender 20171009
Bkav 20171009
CAT-QuickHeal 20171009
ClamAV 20171009
CMC 20171009
Comodo 20171009
CrowdStrike Falcon (ML) 20170804
Cylance 20171009
Cyren 20171009
DrWeb 20171009
Emsisoft 20171009
Endgame 20170821
ESET-NOD32 20171009
F-Prot 20171009
F-Secure 20171009
Fortinet 20171009
GData 20171009
Ikarus 20171009
Sophos ML 20170914
Jiangmin 20171009
K7AntiVirus 20171009
K7GW 20171009
Kaspersky 20171009
Kingsoft 20171009
Malwarebytes 20171009
MAX 20171009
McAfee 20171009
McAfee-GW-Edition 20171009
Microsoft 20171009
eScan 20171009
NANO-Antivirus 20171009
nProtect 20171009
Palo Alto Networks (Known Signatures) 20171009
Panda 20171008
Qihoo-360 20171009
Rising 20171009
SentinelOne (Static ML) 20171001
Sophos AV 20171009
SUPERAntiSpyware 20171009
Symantec 20171009
Symantec Mobile Insight 20171006
Tencent 20171009
TheHacker 20171007
TrendMicro 20171009
TrendMicro-HouseCall 20171009
Trustlook 20171009
VBA32 20171009
VIPRE 20171009
ViRobot 20171009
Webroot 20171009
WhiteArmor 20170927
Yandex 20171006
ZoneAlarm by Check Point 20171009
Zoner 20171009
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
FileVersionInfo properties
Copyright
Copyright © Alexander Roshal 1993-2012

Product WinRAR
Internal name Command line RAR
File version 4.11.0
Description Command line RAR
PE header basic information
Target machine x64
Compilation timestamp 2012-02-17 14:54:58
Entry Point 0x00027140
Number of sections 6
PE sections
PE imports
RegCloseKey
OpenProcessToken
RegQueryValueExA
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExA
SetFileSecurityA
RegQueryValueExW
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
FindNextFileA
EncodePointer
FlsGetValue
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
RtlUnwindEx
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
MoveFileA
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
FormatMessageW
FindClose
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlsSetValue
GetModuleFileNameA
RaiseException
HeapSetInformation
SetThreadPriority
RtlVirtualUnwind
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFileAttributesA
SetUnhandledExceptionFilter
DecodePointer
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
WriteConsoleA
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
CloseHandle
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
LoadLibraryA
GetStartupInfoA
RtlPcToFileHeader
CreateDirectoryA
DeleteFileA
CreateDirectoryW
DeleteFileW
GetProcAddress
CompareStringW
ExpandEnvironmentStringsW
FindNextFileW
GetDiskFreeSpaceA
CompareStringA
FindFirstFileW
ExpandEnvironmentStringsA
CreateFileW
GetFileType
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
FlsAlloc
GetCommandLineA
FlsFree
GetCurrentThread
ReadConsoleW
SetFilePointer
ReadFile
RtlCaptureContext
FindFirstFileA
GetACP
GetModuleHandleW
IsValidCodePage
SetConsoleMode
RtlLookupFunctionEntry
Sleep
SetConsoleCtrlHandler
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetPathFromIDListW
CharLowerA
OemToCharBuffA
OemToCharA
CharUpperW
LoadStringW
CharLowerW
CharToOemBuffW
CharUpperA
ExitWindowsEx
CharToOemA
Number of PE resources by type
RT_STRING 46
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 48
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.2
InitializedDataSize 120832
ImageVersion 0.0
ProductName WinRAR
FileVersionNumber 4.11.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
LinkerVersion 9.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 4.11.0
TimeStamp 2012:02:17 15:54:58+01:00
FileType Win64 EXE
PEType PE32+
InternalName Command line RAR
ProductVersion 4.11.0
FileDescription Command line RAR
OSVersion 5.2
FileOS Win32
LegalCopyright Copyright Alexander Roshal 1993-2012
MachineType AMD AMD64
CompanyName Alexander Roshal
CodeSize 204288
FileSubtype 0
ProductVersionNumber 4.11.0.0
EntryPoint 0x27140
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 5aa8e9ddd2a35f9ae8d9c131906b1617
SHA1 b259bcdc622cc25f0297c75ae28e7c67c3c49840
SHA256 a3b416ef504b466621e9540e86a546bea110e208f2e68de3778997231068bf4e
ssdeep 6144:LvCT1rkh46+WmgYUdMBBi1aUfQnHrRLkl5u62dM:U1ru46+WVYEI0VI8uxM
authentihash 8ea043180a6deb4b0e7a3d715d9ed1207da1a5c95311e44321c9a11f1e00f7c9
imphash d19037ccc2f84610262ed256c5786939
File size 276.0 KB ( 282624 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (console) Mono/.Net assembly
TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags 64bits peexe assembly
VirusTotal metadata
First submission 2012-02-22 01:55:07 UTC ( 5 years, 9 months ago )
Last submission 2017-10-09 12:27:05 UTC ( 2 months ago )
File names smona_a3b416ef504b466621e9540e86a546bea110e208f2e68de3778997231068bf4e.bin
UnRAR.exe
UnRAR.exe
13.ura
UnRAR.exe
UnRAR.exe
unrar.exe
UnRAR.exe
Command line RAR
file-3962819_exe
0003e2cc.tmp
UnRAR.exe
UnRAR.exe
aa
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight