SHA256: d73cc6a97c3edde637c7d952ee2e0efc5b09937e5300cb0ecaffda70f4efdef0
File name: winrar_540_64bit.exe
Detection ratio: 0 / 70
Analysis date: 2019-01-15 11:18:24 UTC ( 1 month ago )
Antivirus Result Update (Result column is empty for every engine: 0 of 70 engines flagged the file)
Acronis 20190111
Ad-Aware 20190115
AegisLab 20190115
AhnLab-V3 20190114
Alibaba 20180921
ALYac 20190115
Antiy-AVL 20190115
Arcabit 20190115
Avast 20190115
Avast-Mobile 20190115
AVG 20190115
Avira (no cloud) 20190115
Babable 20180918
Baidu 20190115
BitDefender 20190115
Bkav 20190108
CAT-QuickHeal 20190114
ClamAV 20190115
CMC 20190114
Comodo 20190114
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190115
Cyren 20190114
DrWeb 20190114
eGambit 20190115
Emsisoft 20190114
Endgame 20181108
ESET-NOD32 20190114
F-Prot 20190114
F-Secure 20190114
Fortinet 20190114
GData 20190114
Ikarus 20190114
Sophos ML 20181128
Jiangmin 20190114
K7AntiVirus 20190114
K7GW 20190114
Kaspersky 20190114
Kingsoft 20190115
Malwarebytes 20190114
MAX 20190115
McAfee 20190114
McAfee-GW-Edition 20190114
Microsoft 20190114
eScan 20190114
NANO-Antivirus 20190114
Palo Alto Networks (Known Signatures) 20190115
Panda 20190114
Qihoo-360 20190115
Rising 20190115
SentinelOne (Static ML) 20181223
Sophos AV 20190115
SUPERAntiSpyware 20190109
Symantec 20190115
TACHYON 20190115
Tencent 20190115
TheHacker 20190115
Trapmine 20190103
TrendMicro 20190115
TrendMicro-HouseCall 20190115
Trustlook 20190115
VBA32 20190115
VIPRE 20190115
ViRobot 20190115
Webroot 20190115
Yandex 20190111
Zillya 20190115
ZoneAlarm by Check Point 20190115
Zoner 20190115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 8:16 PM 8/14/2016
Signers
[+] win.rar GmbH
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 06/01/2015
Valid to 11:59 PM 05/31/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint CC6FD0D1EE3570E592A181D6B41E0FF308D833D3
Serial number 00 FE 46 A1 0A D9 42 69 C3 DD 22 5C 13 64 53 52 E4
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT maxorder, appended, RAR, Unicode
PE header basic information
Target machine x64
Compilation timestamp 2016-08-14 19:16:02
Entry Point 0x00021ACC
Number of sections 7
Overlays
MD5 3ad19959e5941f839f42888ad13372f6
File type application/x-rar
Offset 313344
Size 1866512
Entropy 8.00
PE imports
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
FindNextFileA
EncodePointer
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
SetFilePointerEx
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
InitializeCriticalSection
AllocConsole
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
QueryPerformanceFrequency
LoadLibraryExA
SetThreadPriority
FindClose
RtlVirtualUnwind
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
FoldStringW
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
CreateSemaphoreW
IsProcessorFeaturePresent
TzSpecificLocalTimeToSystemTime
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlPcToFileHeader
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
GetModuleFileNameW
ExpandEnvironmentStringsW
FindFirstFileExA
FindNextFileW
RtlLookupFunctionEntry
ResetEvent
FreeConsole
FindFirstFileW
RtlUnwindEx
SetEvent
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
AttachConsole
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GetConsoleCP
FindResourceW
CompareStringW
GetEnvironmentStringsW
IsDBCSLeadByte
VirtualQuery
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
GetTempPathW
Sleep
GetOEMCP
CreateHardLinkW
Number of PE resources by type
RT_STRING 9
RT_DIALOG 4
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 20
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
FileTypeExtension exe
TimeStamp 2016:08:14 20:16:02+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 206848
LinkerVersion 14.0
ImageFileCharacteristics Executable, Large address aware
EntryPoint 0x21acc
InitializedDataSize 234496
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 0
File identification
MD5 2191cf9563cfc67efb45b8aff90c649e
SHA1 22ac3a032f37ce5dabd0673f401f3d0307f21b74
SHA256 d73cc6a97c3edde637c7d952ee2e0efc5b09937e5300cb0ecaffda70f4efdef0
ssdeep 49152:oxUmywYuFXIQaU/7+woJngMS4o/UFCiRU7Sr4bSx31NkiI:YzVXZaU/7+wxMyB7A4gFN2
authentihash 8070dbb8c91296faa544b8d508efddfad352b6b290a49cedefe8449d1cb6cc47
imphash 044b0f0861d15019544fb4177870a00d
File size 2.1 MB ( 2179856 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags peexe assembly overlay signed via-tor 64bits
VirusTotal metadata
First submission 2016-08-16 08:38:41 UTC ( 2 years, 6 months ago )
Last submission 2019-02-09 04:20:48 UTC ( 1 week ago )
File names winrar-x64-540-eng.exe
Winrar 64 bits.exe
winrar540-x64.exe
winrar 540 x64.exe
winrar-x64-540 (3).exe
WinRAR 5.40 64 Bit.exe
WinRAR 5.40 - x64.exe
winrar-x64-540.exe
u1603.exe
winrar-x64-540(1).exe
WinRAR v5.40-64bit-Eng.exe
winrarx64-540.exe
~~~winrar-x64-540.exe
winrar-x64-540 en.exe
winrar-x64-540.exe.50lid4i.partial
WinRar 64 Bit.exe
winrar-x64-540.exe
winrar-64bit.exe
WINRAR~1.EXE
winrar-x64-540[1].exe
unconfirmed 812896.crdownload
winrar-5-40-64-bit.exe
winrar-x64-540_2.exe
e1e30ca3-9b65-11e6-b607-80e65024849a.file
win.exe