WinRAR.exe
WinRAR by win.rar GmbH (Signed)
Warning 25 antivirus scanners has detected malware in various versions of WinRAR.exe.
Overview
winrar.exe has 138 known versions, the most recent one is 5.10.4. winrar.exe is run as a standard windows process with the logged in user's account privileges. The average file size is about 1.17 MB. It is an authenticode code-signed executable issued to win.rar GmbH by the certification authority COMODO CA Limited. The programs WinRAR 4.20 (32-bit), QuickTime and WinRAR 5.20 (64-bit) have been observed as installing specific variations of winrar.exe. During the process's lifecycle, the typical CPU resource utilization is less than 0.01%, the average private memory consumption is about 12.84 MB with the maximum memory reaching around 18.71 MB. Addionally, typically read and write I/O disk operations is about 15.37 KB per minute for reads and 13.69 KB per minute for writes.
What is winrar.exe?
WinRAR is a powerful archive manager. It can backup your data and reduce the size of email attachments, decompress RAR, ZIP and other files downloaded from Internet and create new archives in RAR and ZIP file format.
About winrar.exe (from win.rar GmbH)
“There is no better way to compress files for efficient and secure file transfer, faster e-mail transmission and well organized data storage. Over 500 million users world-wide make WinRAR the worlds's ”
 Details
|
| File name: | winrar.exe |
| Publisher: | Alexander Roshal |
| Product name: | WinRAR |
| Description: | WinRAR archiver |
| Typical file path: | C:\Program Files\winrar\winrar.exe |
| Certificate |
| Issued to: | win.rar GmbH |
| Authority (CA): | COMODO CA Limited |
| Expiration date: | Sunday, June 14, 2015 |
Programs installed in
(Note, the programs listed below are for all versions of WinRAR.)
|
Adobe Systems Incorporated |
|
Adobe Digital Editions is an ebook reader software program from Adobe Systems built initially (1.x version) using Adobe Flash. It is used for acquiring, managing and reading eBooks, digital newspapers...
|
Adobe Systems Incorporated |
|
“Make the impossible possible with the new, more connected After Effects® CC. Get powerful new features like a Live 3D Pipeline that brings CINEMA 4D scenes in as layers — without intermediate renderin...”
“The Amazon MP3 Downloader is software you'll use along with Amazon Cloud Player to manage your music. The Downloader is a piece of software that streamlines the process of downloading by enabling you ...”
If You are using the free Service, AnchorFree may deliver third-party Advertisements within the content of any web page accessed. Advertisements may be injected into the top of the page, inserted dire...
QuickTime is an extensible multimedia framework capable of handling various formats of digital video, picture, sound, panoramic images, and interactivity. QuickTime for Microsoft Windows has always be...
Apple's iTunes is a proprietary media player computer program, used for playing and organizing digital music and video files on desktop computers. It can also manage contents on iPod, iPhone and iPad....
“Enabling VoiceOver for iPod allows you to hear the names of songs, artists, and playlists spoken when listening to content on your iPod. If you have the Apple Earphones with Remote and Mic or the In-E...”
An AirPort card is an Apple-branded wireless card used to connect to wireless networks such as those provided by an AirPort Base Station. AirPort is the name given to a series of Apple products using ...
Ghostscript is a suite of software based on an interpreter for Adobe Systems' PostScript and Portable Document Format (PDF) page description languages. Its main purposes are the rasterization or rende...
“ASUS makes serious hardware for die-hard overclockers who want to squeeze every ounce of performance out of their gear and never back down from a challenge. This experience is enhanced further with th...”
Vuze is a BitTorrent client used to transfer files via the BitTorrent protocol. Vuze is written in Java, and uses the Azureus Engine. In addition to downloading data linked to .torrent files, Azureus...
“Fraps is a universal Windows application that can be used with games using DirectX or OpenGL graphic technology. Show how many Frames Per Second (FPS) you are getting in a corner of your screen. Perf...”
µTorrent is a is a free, ad-supported, lighter-weight BitTorrent client designed to consume less resources then the full BitTorrent version. Some uTorrent installs include potentially unwanted applic...
Cloob Messenger bundles a branded version of the Conduit Toolbar, which delivers search based advertising and results. During installation the user is presented in some cases with the option to instal...
|
Flagship Industries, Inc. |
|
“Ventrilo is comprised of two primary Components: The Client that every end user will need to download, and the Server. Only one person needs to host a Server that all of the other Clients will connect...”
Behaviors
(Note, the behaviors below are for all versions of winrar.exe, select a unique version for details.)
Shell open command
Malware detections
Based on 40+ industry antivirus scanners, 25 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| Agnitum |
5.5.1.3 |
Trojan.DL.Agent!CBAtfc1fylA |
3.80 |
| Antiy Labs AVL |
2.0.3.7 |
Trojan/Win32.Exchanger.gen |
3.80 |
| Authentium |
5.2.0.5 |
W32/Downldr2.HGJR |
3.80 |
| AVG |
2014.0.3629 |
Generic2_c.BHRL |
3.80 |
| Clam AntiVirus |
0.97.3.0 |
PUA.Win32.Packer.DupPatcher |
3.93.0 |
| Commtouch |
5.4.1.7 |
W32/Downloader.UUUR-5290 |
3.80 |
| Commtouch |
5.3.2.6 |
W32/Downldr2.HGJR |
3.80 |
| eSafe |
7.0.17.0 |
Win32.FakeAlert.In |
3.80 |
| eSafe |
7.0.17.0 |
Win32.FakeAlert.In |
3.80 |
| eSafe |
7.0.17.0 |
Win32.TrojanHorse |
3.92.0 |
| F-Prot |
v6.4.7.1.166 |
W32/Downldr2.HGJR |
3.80 |
| F-Prot |
v6.4.6.5.141 |
W32/Downldr2.HGJR |
3.80 |
| F-Prot |
v6.4.6.0.103 |
W32/Downldr2.HGJR |
3.80 |
| K7 AntiVirus |
9.144.7182 |
Trojan-Downloader |
3.80 |
| Kaspersky |
- |
Backdoor.Win32.Ceckno.cth |
3.80 |
| Kingsoft |
2012.9.4.139 |
Win32.Malware.Heur_Generic.A.(kcloud) |
4.0.5 |
| McAfee |
5.400.1158 |
Artemis!223DA3018AB0 |
3.80 |
| McAfee Gateway Anti-Malware |
v6.8.5-dat |
Heuristic.BehavesLike.Win32.Virus.K |
3.80 |
| McAfee Gateway Anti-Malware |
v2012.1-dat |
Artemis!223DA3018AB0 |
3.80 |
| nProtect |
2011-06-06.01 |
Worm/W32.Agent.966656 |
3.80 |
| Sunbelt |
- |
Worm.Win32.Viking.lz |
3.80 |
| Symantec |
20121.2.0.78 |
WS.Reputation.1 |
4.20.0 |
| Trend Micro HouseCall |
9.500.0.1008 |
TROJ_GEN.RC1H1IK |
3.80 |
| VIPRE Antivirus |
12150 |
Trojan.Win32.Generic!BT |
3.80 |
| VirusBuster |
5.0.27.0 |
Trojan.DL.Agent.TDOG |
3.80 |
All file variations of winrar.exe
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Ultimate |
27.25% |
|
| Windows 7 Home Premium |
23.50% |
|
| Microsoft Windows XP |
14.00% |
|
| Windows 8 Pro |
7.75% |
|
| Windows 7 Professional |
6.50% |
|
| Windows 8.1 Pro |
3.00% |
|
| Windows 7 Home Basic |
2.75% |
|
| Windows 8.1 |
2.25% |
|
| Windows 8 |
1.75% |
|
| Windows 8 Single Language |
1.50% |
|
| Windows 8 Enterprise |
1.50% |
|
| Windows 8.1 Single Language |
1.25% |
|
| Windows Vista Home Premium |
1.25% |
|
| Windows 8.1 Pro with Media Center |
1.00% |
|
| Windows 7 Enterprise |
1.00% |
|
| Windows 8 Pro with Media Center |
0.75% |
|
| Windows 8.1 Enterprise |
0.50% |
|
| Windows 8 Pro N |
0.50% |
|
| Windows 8.1 N |
0.25% |
|
| Windows 8 Enterprise N |
0.25% |
|
| Windows Vista Home Basic |
0.25% |
|
| 26 other Windows OS version |
Distribution by country
United States installs about 17.04% of WinRAR.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
19.96% |
|
| ASUS |
18.00% |
|
| Hewlett-Packard |
12.92% |
|
| Acer |
11.94% |
|
| Lenovo |
7.83% |
|
| Toshiba |
7.05% |
|
| Sony |
4.70% |
|
| GIGABYTE |
4.50% |
|
| Intel |
4.31% |
|
| American Megatrends |
2.54% |
|
| Compaq |
2.35% |
|
| Samsung |
1.37% |
|
| Alienware |
1.17% |
|
| MSI |
0.78% |
|
| Gateway |
0.39% |
|
| Sahara |
0.20% |
|
