We checked the file WINRAR.EXE and found it hazardous.
The file WINRAR.EXE must be deleted from the system immediately.
Kill the WINRAR.EXE process and remove WINRAR.EXE from Windows startup.
Malware Analysis of WINRAR.EXE
Full path on a computer: %Temp%\winrar.exe
Detected by UnHackMe:
Item Name: 1ce5c21bd74c042cdcd945e699c951c5
Author: Unknown
Related File: %TEMP%\WINRAR.EXE
Type: Registry Run
Item Name: 1ce5c21bd74c042cdcd945e699c951c5.exe
Author: Unknown
Related File: %STARTUP%\1CE5C21BD74C042CDCD945E699C951C5.EXE
Type: Startup Folder
WINRAR.EXE
Default location: %Temp%\winrar.exe
Removal Results: Success
Number of reboots: 1
WINRAR.EXE is known as:
Trojan.Bladabindi, Trojan.Zapchast, Trojan.Msil
WINRAR.EXE hash:
- MD5: e1c333694696ac5788ae7f48bf9a8c22
The file tries to download information from some web sites.
How to quickly detect WINRAR.EXE presence?
Registry:
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\1ce5c21bd74c042cdcd945e699c951c5: ""%Temp%\winrar.exe" .."
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\1ce5c21bd74c042cdcd945e699c951c5: ""%Temp%\winrar.exe" .."
Files:
- %Temp%\winrar.exe
- %Temp%\winrar.exe.tmp
- %Startup%\1ce5c21bd74c042cdcd945e699c951c5.exe