SHA256: d73cc6a97c3edde637c7d952ee2e0efc5b09937e5300cb0ecaffda70f4efdef0
File name: winrar-x64-540.exe
Detection ratio: 0 / 67
Analysis date: 2018-07-07 17:59:02 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20180707
AegisLab 20180707
AhnLab-V3 20180707
ALYac 20180707
Antiy-AVL 20180707
Arcabit 20180707
Avast 20180707
Avast-Mobile 20180707
AVG 20180707
Avira (no cloud) 20180707
AVware 20180707
Babable 20180406
BitDefender 20180707
Bkav 20180706
CAT-QuickHeal 20180707
ClamAV 20180707
CMC 20180707
Comodo 20180707
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180707
Cyren 20180707
DrWeb 20180707
eGambit 20180707
Emsisoft 20180707
Endgame 20180612
ESET-NOD32 20180707
F-Prot 20180707
F-Secure 20180707
Fortinet 20180707
GData 20180707
Ikarus 20180707
Sophos ML 20180601
Jiangmin 20180707
K7AntiVirus 20180707
K7GW 20180707
Kaspersky 20180707
Kingsoft 20180707
Malwarebytes 20180707
MAX 20180707
McAfee 20180707
McAfee-GW-Edition 20180707
Microsoft 20180707
eScan 20180707
NANO-Antivirus 20180707
Palo Alto Networks (Known Signatures) 20180707
Panda 20180707
Qihoo-360 20180707
Rising 20180707
SentinelOne (Static ML) 20180701
Sophos AV 20180707
SUPERAntiSpyware 20180707
Symantec 20180707
TACHYON 20180707
Tencent 20180707
TheHacker 20180628
TotalDefense 20180707
TrendMicro 20180707
TrendMicro-HouseCall 20180707
Trustlook 20180707
VBA32 20180707
VIPRE 20180707
ViRobot 20180707
Webroot 20180707
Yandex 20180706
Zillya 20180706
ZoneAlarm by Check Point 20180707
Zoner 20180706
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64-bit architectures.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 8:16 PM 8/14/2016
Signers
[+] win.rar GmbH
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 6/1/2015
Valid to 12:59 AM 6/1/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint CC6FD0D1EE3570E592A181D6B41E0FF308D833D3
Serial number 00 FE 46 A1 0A D9 42 69 C3 DD 22 5C 13 64 53 52 E4
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT maxorder, appended, RAR, Unicode
PE header basic information
Target machine x64
Compilation timestamp 2016-08-14 19:16:02
Entry Point 0x00021ACC
Number of sections 7
PE sections
Overlays
MD5 3ad19959e5941f839f42888ad13372f6
File type application/x-rar
Offset 313344
Size 1866512
Entropy 8.00
PE imports
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
FindNextFileA
EncodePointer
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
SetFilePointerEx
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
InitializeCriticalSection
AllocConsole
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
QueryPerformanceFrequency
LoadLibraryExA
SetThreadPriority
FindClose
RtlVirtualUnwind
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
FoldStringW
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
CreateSemaphoreW
IsProcessorFeaturePresent
TzSpecificLocalTimeToSystemTime
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlPcToFileHeader
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
GetModuleFileNameW
ExpandEnvironmentStringsW
FindFirstFileExA
FindNextFileW
RtlLookupFunctionEntry
ResetEvent
FreeConsole
FindFirstFileW
RtlUnwindEx
SetEvent
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
AttachConsole
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GetConsoleCP
FindResourceW
CompareStringW
GetEnvironmentStringsW
IsDBCSLeadByte
VirtualQuery
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
GetTempPathW
Sleep
GetOEMCP
CreateHardLinkW
Number of PE resources by type
RT_STRING 9
RT_DIALOG 4
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 20
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
FileTypeExtension exe
TimeStamp 2016:08:14 20:16:02+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 206848
LinkerVersion 14.0
ImageFileCharacteristics Executable, Large address aware
EntryPoint 0x21acc
InitializedDataSize 234496
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 0
While monitoring an end-user machine in the wild, CarbonBlack observed that the following executing files wrote this sample to disk.
While monitoring an end-user machine in the wild, CarbonBlack observed that this sample wrote the following files to disk.
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 2191cf9563cfc67efb45b8aff90c649e
SHA1 22ac3a032f37ce5dabd0673f401f3d0307f21b74
SHA256 d73cc6a97c3edde637c7d952ee2e0efc5b09937e5300cb0ecaffda70f4efdef0
ssdeep 49152:oxUmywYuFXIQaU/7+woJngMS4o/UFCiRU7Sr4bSx31NkiI:YzVXZaU/7+wxMyB7A4gFN2
authentihash 8070dbb8c91296faa544b8d508efddfad352b6b290a49cedefe8449d1cb6cc47
imphash 044b0f0861d15019544fb4177870a00d
File size 2.1 MB ( 2179856 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags peexe assembly overlay signed via-tor 64bits
VirusTotal metadata
First submission 2016-08-16 08:38:41 UTC ( 2 years, 4 months ago )
Last submission 2018-12-16 16:03:05 UTC ( 2 days, 1 hour ago )
File names winrar-x64-540-eng.exe
Winrar 64 bits.exe
winrar540-x64.exe
winrar 540 x64.exe
winrar-x64-540 (3).exe
WinRAR 5.40 64 Bit.exe
WinRAR 5.40 - x64.exe
winrar-x64-540.exe
u1603.exe
winrar-x64-540(1).exe
WinRAR v5.40-64bit-Eng.exe
winrarx64-540.exe
~~~winrar-x64-540.exe
winrar-x64-540 en.exe
winrar-x64-540.exe.50lid4i.partial
WinRar 64 Bit.exe
winrar-x64-540.exe
winrar-64bit.exe
WINRAR~1.EXE
winrar-x64-540[1].exe
unconfirmed 812896.crdownload
winrar-5-40-64-bit.exe
winrar-x64-540_2.exe
e1e30ca3-9b65-11e6-b607-80e65024849a.file
win.exe