ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 18 June 2009, 05:00:05
Processing time: 6 min 4 sec
Submitted sample:

File MD5: 0x9AC5A4D6DC9B18C9B580F7C8B0BAC5F5
File SHA-1: 0xFE2B35CF87FCADBFF5576D817C3741FB4F4A492D
Filesize: 1,234,510 bytes

Summary of the findings:

What's been found	Severity Level
Registers a 32-bit in-process server DLL.

Technical Details:

The new window was created, as shown below:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	%CommonPrograms%\WinRAR\Console RAR manual.lnk %Programs%\WinRAR\Console RAR manual.lnk	685 bytes	MD5: 0x5CC92F9B5933FC98C88D74FD1C556B8B SHA-1: 0x1575CCECF080E2EC7073885FC1FB30DB7C666CF0
2	%CommonPrograms%\WinRAR\WinRAR help.lnk %Programs%\WinRAR\WinRAR help.lnk	704 bytes	MD5: 0xA7647C6BB06309F5C6BAED635FA612AB SHA-1: 0xBAB061A10197039814F1D0C0507D95E9A359A121
3	%CommonPrograms%\WinRAR\WinRAR.lnk	704 bytes	MD5: 0xEC89BA2F30D989102CC0DD76F132AE9D SHA-1: 0x09F24B14B5993C6D346D25BFB40146F98C705704
4	%Programs%\WinRAR\WinRAR.lnk	704 bytes	MD5: 0x22B8DCBC7743C4386E6316C941444029 SHA-1: 0x2C12D7D9CF4B534643B4679D6A1E0E0EA1B433C6
5	%ProgramFiles%\WinRAR\Default.SFX	104,448 bytes	MD5: 0xA70A0C64D38CB274331F9488445A68F2 SHA-1: 0xEE76A3ADB2F7B1716D34E08641AA34C6D3A460B1
6	%ProgramFiles%\WinRAR\Descript.ion	1,063 bytes	MD5: 0xB63259E35240A56947AC7D8B9E720EA0 SHA-1: 0x7EF21E641B5C40703E75C86CF1214AEE9CEC4566
7	%ProgramFiles%\WinRAR\File_Id.diz	502 bytes	MD5: 0xC764040BDA6A3183A5898F88B0434CA4 SHA-1: 0x9420F277309DFC012F76168F50A26C505937AB3E
8	%ProgramFiles%\WinRAR\Formats\7z.fmt	89,088 bytes	MD5: 0x0977E124C0054BB0C1C710A0CFA21A42 SHA-1: 0x3D16A4B7CBD6AC44CFDB25A1F50C56828FD53255
9	%ProgramFiles%\WinRAR\Formats\7zxa.dll	163,328 bytes	MD5: 0x71FD74DF7BF558F85462C60A40B4AC92 SHA-1: 0x55A03EB940B5D2159B5AB62C3F6BE066424E8686
10	%ProgramFiles%\WinRAR\Formats\ace.fmt	56,832 bytes	MD5: 0xC2B3E1D610CA6499AD1BF1C8E71ADB0A SHA-1: 0x363C569F98225D510DEAB6FF8D548D2F7D12BCD6
11	%ProgramFiles%\WinRAR\Formats\arj.fmt	53,248 bytes	MD5: 0x6AA042E75E676C421D9BFCBE5BAA171F SHA-1: 0x26A7FBF32F618EE3D6E66BF9C9ECB304CFE53456
12	%ProgramFiles%\WinRAR\Formats\bz2.fmt	74,752 bytes	MD5: 0x98C6F0EEB717DBDA5F419FAA28F0FCF5 SHA-1: 0xA0D57E6B050FBEF7A2CC3806CE7A3D2B4913504C
13	%ProgramFiles%\WinRAR\Formats\cab.fmt	51,200 bytes	MD5: 0x060F196677E5B099F3DF3447BC751D07 SHA-1: 0x22C66046F921429A8B58A617E8EDAF387A408443
14	%ProgramFiles%\WinRAR\Formats\gz.fmt	64,000 bytes	MD5: 0x011B577685DBB23D2F39D94C4AE7859A SHA-1: 0x71044601CB7EAADA762D34448C531C0D2FA3D8AA
15	%ProgramFiles%\WinRAR\Formats\iso.fmt	73,728 bytes	MD5: 0xE30A9FD41FF1567F39BB929A52CD32C3 SHA-1: 0x2D22C5648F9ACC7B5675179229B69B384CDCC591
16	%ProgramFiles%\WinRAR\Formats\lzh.fmt	58,368 bytes	MD5: 0xE63646F82FFBB3433DF965421337B506 SHA-1: 0xCA76A20A781FC41712C84B413952460DDBCD7866
17	%ProgramFiles%\WinRAR\Formats\tar.fmt	55,296 bytes	MD5: 0xFCFC2C0A30F92BCB2963FF9745AFA5AB SHA-1: 0xFFD21ABC1C43B82D913B80384BB2FC26A9A60729
18	%ProgramFiles%\WinRAR\Formats\UNACEV2.DLL	77,312 bytes	MD5: 0xDE02C4D04088B69E64ECC30A3D9E22E5 SHA-1: 0xA5F66D420B6A6EBB04242FB85CA462A99DBF89B6
19	%ProgramFiles%\WinRAR\Formats\uue.fmt	48,128 bytes	MD5: 0xE33FF0C8D104F0EE4AA5977152E7E256 SHA-1: 0x03A93E4BCF33F9E860013D1BDCB5873EA4A30574
20	%ProgramFiles%\WinRAR\Formats\z.fmt	59,392 bytes	MD5: 0x7230D7F581CEF4B832845ACCD36BFB18 SHA-1: 0x1643A8155913DFC2719D143C57C5F208CD3F1CFB
21	%ProgramFiles%\WinRAR\License.txt	6,428 bytes	MD5: 0x62037EF975F0100AC52C9922BCA52934 SHA-1: 0x57F3A134F99940A40271FB7A515FE1C240D10782
22	%ProgramFiles%\WinRAR\Order.htm	3,271 bytes	MD5: 0x3458285036E0F1B8B5A66C4957028640 SHA-1: 0x43304D07209E2010E838ECD7F855FAFDB83F3750
23	%ProgramFiles%\WinRAR\Rar.exe	323,072 bytes	MD5: 0x073AD45909545C33219FB92A0CBC5D41 SHA-1: 0xF11979641099B87D490554EF148F8AC1A6637131
24	%ProgramFiles%\WinRAR\Rar.txt	72,962 bytes	MD5: 0xC899F5D4A8BB692E18E0BD0E5663E398 SHA-1: 0xA675A344C41182613832DEDBE85267A1FFC948DF
25	%ProgramFiles%\WinRAR\RarExt.dll	132,608 bytes	MD5: 0xF11FE030158F8EF14A56A3EA9E9BD47D SHA-1: 0x296EDF96A038E476EF8B6151D02CCCEEFE2B04D9
26	%ProgramFiles%\WinRAR\RarExt64.dll	62,464 bytes	MD5: 0x0392C4FCE14E23040B5ACE69672A03BD SHA-1: 0x185615223D79B7FBA4A6B206696361D167E8855D
27	%ProgramFiles%\WinRAR\RarExtLoader.exe	44,032 bytes	MD5: 0x30108227F4B8533FA3955306747F93F4 SHA-1: 0x2574444FF72481119E65E618D318533A81C523FC
28	%ProgramFiles%\WinRAR\RarFiles.lst	1,088 bytes	MD5: 0xAF5604FF198E4B40AF78F9B71B649AF7 SHA-1: 0x6D717D9125FA86240D99767815660122CBE3EEDC
29	%ProgramFiles%\WinRAR\rarnew.dat	20 bytes	MD5: 0xAD08FE53A5E484EA568D60544EF3F05C SHA-1: 0x18629208273779DFA28472D5DA28542B69B4DFD2
30	%ProgramFiles%\WinRAR\RarReg.key	476 bytes	MD5: 0xEE3C1A98D289A5CB4D64AC78B56DB67C SHA-1: 0xAB64E549A5B47EBF5049A8BCF195C2054DA9BB62
31	%ProgramFiles%\WinRAR\ReadMe.txt	1,687 bytes	MD5: 0x383CB29E528FEAEAC24D9CFA539D1A18 SHA-1: 0x95C53F41F06D481F8920A391D7604509E4DCAFC6
32	%ProgramFiles%\WinRAR\TechNote.txt	9,232 bytes	MD5: 0xFC44FD46BD957036B8500A528C32E21E SHA-1: 0xE5F1EB91DFA276E4659F93CF4BF0372E81086707
33	%ProgramFiles%\WinRAR\Uninstall.exe	100,864 bytes	MD5: 0x3E20C4B85982E3CBD7655659A6800FC7 SHA-1: 0xC47A37416AC19089E8CBFD1B7BFC397D3F51FC51
34	%ProgramFiles%\WinRAR\Uninstall.lst	639 bytes	MD5: 0xA85E009B4BB2982912D5E589938F6CD6 SHA-1: 0x51A2A8D9B93C3D29D019C54142A9B427F77494D7
35	%ProgramFiles%\WinRAR\UnRAR.exe	204,800 bytes	MD5: 0xB836BA4579DE0FADD1142CC47A3AF756 SHA-1: 0x7ACF566E8637A83139ED2EE29261D993D3DF80E4
36	%ProgramFiles%\WinRAR\UnrarSrc.txt	90 bytes	MD5: 0xC16BB921C05AF38382F946386224B1EC SHA-1: 0xE2B525E01A20F007EDFC50935DD1493A9079270A
37	%ProgramFiles%\WinRAR\WhatsNew.txt	11,234 bytes	MD5: 0xCBD2B85BA896028512533194C9127E10 SHA-1: 0x4EB4F10E151E4170160F329867F7A2C21E672ED9
38	%ProgramFiles%\WinRAR\WinCon.SFX	81,408 bytes	MD5: 0x4C1D7F356B7DAB5B2461AE8CD0B774C6 SHA-1: 0xCA608371054EF9702B547947E37C2D6E39C95632
39	%ProgramFiles%\WinRAR\WinRAR.chm	254,538 bytes	MD5: 0xDFBFAE70B02EF5B39AC362E3D184E1A2 SHA-1: 0x1D460EF381239BFD9FBD841C77C7834E08A4716B
40	%ProgramFiles%\WinRAR\WinRAR.exe	968,704 bytes	MD5: 0x6557B0AF58F2E4F440A18F200CF95EF9 SHA-1: 0x795B6AF4EB867DE620318E8061991E56B46DDDF3
41	%ProgramFiles%\WinRAR\Zip.SFX	68,096 bytes	MD5: 0xFE352F539E2B5134567ECE8E4F5BFD36 SHA-1: 0x39ABCA4F0E2093156FD1CEF7E2784A180EA7C87F
42	%ProgramFiles%\WinRAR\zipnew.dat	22 bytes	MD5: 0x76CDB2BAD9582D23C1F6F4D868218D6C SHA-1: 0xB04F3EE8F5E43FA3B162981B50BB72FE1ACABB33
43	[file and pathname of the sample #1]	1,234,510 bytes	MD5: 0x9AC5A4D6DC9B18C9B580F7C8B0BAC5F5 SHA-1: 0xFE2B35CF87FCADBFF5576D817C3741FB4F4A492D

Notes:

%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.

The following directories were created:

%CommonPrograms%\WinRAR
%Programs%\WinRAR
%ProgramFiles%\WinRAR
%ProgramFiles%\WinRAR\Formats

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
uninstall.exe	%ProgramFiles%\WinRAR\uninstall.exe	139,264 bytes
[filename of the sample #1]	[file and pathname of the sample #1]	118,784 bytes

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.zip\ShellNew
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\WinRAR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.7z
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.arj
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bz
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bz2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.iso
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lha
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lzh
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r00
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r01
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r02
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r03
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r04
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r05
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r06
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r07
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r08
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r09
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r10
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r11
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r12
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r13
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r14
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r15
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r16
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r17
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r18
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r19
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r20
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r21
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r22
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r23
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r24
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r25
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r26
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r27
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r28
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r29
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rar\ShellNew
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rev
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.taz
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tbz
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tbz2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.uu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.uue
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xxe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR\shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR\shellex
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.REV
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.REV\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.ZIP
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WRTE.Document.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WRTE.Document.1\UID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver
HKEY_CURRENT_USER\Software\WinRAR
HKEY_CURRENT_USER\Software\WinRAR\Setup
HKEY_CURRENT_USER\Software\WinRAR\Setup\.7z
HKEY_CURRENT_USER\Software\WinRAR\Setup\.ace
HKEY_CURRENT_USER\Software\WinRAR\Setup\.arj
HKEY_CURRENT_USER\Software\WinRAR\Setup\.bz
HKEY_CURRENT_USER\Software\WinRAR\Setup\.bz2
HKEY_CURRENT_USER\Software\WinRAR\Setup\.cab
HKEY_CURRENT_USER\Software\WinRAR\Setup\.gz
HKEY_CURRENT_USER\Software\WinRAR\Setup\.iso

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR]

(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.gz]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tar]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tgz]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.z]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.zip\ShellNew]

FileName = "%ProgramFiles%\WinRAR\zipnew.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32]

(Default) = "%ProgramFiles%\WinRAR\rarext.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]

(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\WinRAR]

(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR]

(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR]

(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR]

(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.7z]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ace]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.arj]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bz]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bz2]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.iso]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jar]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lha]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lzh]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r00]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r01]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r02]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r03]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r04]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r05]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r06]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r07]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r08]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r09]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r10]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r11]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r12]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r13]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r14]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r15]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r16]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r17]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r18]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r19]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r20]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r21]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r22]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r23]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r24]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r25]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r26]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r27]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r28]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.r29]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rar\ShellNew]

FileName = "%ProgramFiles%\WinRAR\rarnew.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rar]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rev]

(Default) = "WinRAR.REV"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.taz]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tbz]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tbz2]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.uu]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.uue]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xxe]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command]

(Default) = ""%ProgramFiles%\WinRAR\WinRAR.exe" "%1""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler]

(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon]

(Default) = "%ProgramFiles%\WinRAR\WinRAR.exe,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR]

(Default) = "WinRAR archive"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command]

(Default) = ""%ProgramFiles%\WinRAR\WinRAR.exe" "%1""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon]

(Default) = "%ProgramFiles%\WinRAR\WinRAR.exe,1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.REV]

(Default) = "RAR recovery volume"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command]

(Default) = ""%ProgramFiles%\WinRAR\WinRAR.exe" "%1""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler]

(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon]

(Default) = "%ProgramFiles%\WinRAR\WinRAR.exe,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR.ZIP]

(Default) = "WinRAR ZIP archive"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WRTE.Document.1\UID]

Frame13 = "setup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = "WinRAR shell extension"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]

DisplayName = "WinRAR archiver"
UninstallString = "%ProgramFiles%\WinRAR\uninstall.exe"
DisplayIcon = "%ProgramFiles%\WinRAR\WinRAR.exe"
NoModify = 0x00000001
NoRepair = 0x00000001

[HKEY_CURRENT_USER\Software\WinRAR\Setup\Links]

Desktop = 0x00000000
StartMenu = 0x00000000
Programs = 0x00000001

[HKEY_CURRENT_USER\Software\WinRAR\Setup\.zip]

Set = 0x00000001
Exist = 0x00000001
Type = "CompressedFolder"
Content = "application/x-zip-compressed"
ShellNew = ""

[HKEY_CURRENT_USER\Software\WinRAR\Setup\.z]

Set = 0x00000001
Exist = 0x00000001
Type = ""
Content = "application/x-compress"
ShellNew = ""

[HKEY_CURRENT_USER\Software\WinRAR\Setup\.xxe]

Exist = 0x00000000
Type = ""

The following Registry Values were deleted:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.gz]

Content Type = "application/x-gzip"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tar]

Content Type = "application/x-tar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tgz]

Content Type = "application/x-compressed"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.z]

Content Type = "application/x-compress"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.zip]

Content Type = "application/x-zip-compressed"

The following Registry Values were modified:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cab]

(Default) = "WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.zip]

(Default) = "WinRAR.ZIP"

Other details

Analysis of the file resources indicate the following possible country of origin:

Russian Federation

To mark the presence in the system, the following Mutex object was created:

_SHuassist.mtx

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.