How to remove 0322[3].rar

0322[3].rar

The module 0322[3].rar has been detected as Trojan.TrickBot

0322[3].rar
Remove 0322[3].rar

0322[3].rar is a Windows file recorded in the ThreatInfo database. It is associated with IntelliJ Platform. The reported company name is JetBrains s.r.o.. The current detection status is Trojan.TrickBot, based on the latest analysis from 2021-03-16 21:36:18 (5 years ago).

If 0322[3].rar appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as Trojan.TrickBot.

File Details

Product Name: IntelliJ Platform
Company Name: JetBrains s.r.o.
MD5: eeffc2e8026b340857cfe97656151278
Size: 1 MB
First Published: 2018-03-23 08:08:19 (8 years ago)
Latest Published: 2021-03-16 21:36:18 (5 years ago)
Status: Trojan.TrickBot (on last analysis)
Analysis Date: 2021-03-16 21:36:18 (5 years ago)

Common Places:

%windir%
%system%\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5
%sysdrive%\$recycle.bin
%profile%\efault user\local settings\temporary internet files\content.ie5
%system%\config\systemprofile\local settings\temporary internet files\content.ie5
%system%\config\systemprofile\local settings\temporary internet files\content.ie5
%system%\config\systemprofile\local settings\temporary internet files\content.ie5
%windir%
%system%\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5

ThreatInfo has observed 0322[3].rar in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.

File Names:

lsmosee.exe
0322[1].rar
$R7F31GG.exe
0322[2].rar
0322[3].rar

This hash has been seen with multiple file names. Alternate names can appear when software is updated, copied between folders, packed by an installer, or deliberately renamed to avoid recognition. Compare the exact MD5 above before assuming two names refer to the same file.

Geography:

21.6%
13.5%
13.5%
10.8%
10.8%
8.1%
8.1%
5.4%
2.7%
2.7%
2.7%

The strongest geographic signal for this file is Russian Federation with 21.6% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.

OS Version:

Windows 7 68.4%
Windows Server 2008 R2 21.1%
Windows Server 2003 5.3%
Windows XP 5.3%

The most common operating system signal for 0322[3].rar is Windows 7 with 68.4% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.

Analysis

0322[3].rar is identified as pe for 32 systems. The subsystem is Windows CUI. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.

Subsystem: Windows CUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x000106ae

PE Sections:

Name Size of data MD5
326144 7cc33cbbf64720203473b6d339859927
88064 c6ed9aa4e7da5dbbfedcbee9ec9787f8
17920 4a8889b4fc992f763256cc06c12053dd
512 53c2143d0572fcdbfa18db3676cd70a7
1536 ac3e7931c404e93390beb5e74eafbf01
512 255d9a99451394bc12567381ea8f0411
25088 155f480749935dbf80745c996e85c327
.rsrc 2560 3a5a0b5f28d864fee08fc1cdb270a735
178688 93641d1aebea9810aa65bdc38ef39ce4
.data 900096 c87c135373a30d19305139ec2c67f87f

PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for 0322[3].rar
copyright for information about 0322[3].rar