WinRAR Italy hacked: eye to executables downloaded in recent days

How do you think CIS would have behaved?

Would he have recognized the ransoware?
If so with which module (AV, sandbox)?

Iโ€™m curious about what you think. :smiley:

Thank you! :wink:

I am wondering if the installer was signed or not and I donโ€™t feel like typing the SHA256 file hash in the search field of VT to find out. It is too much typing with plenty possibility to make one or more typos.

To whom is curious:

That is not the installer that the hacked site was serving, in fact that one is the legit installer, the executable that was being served at the time is this one VirusTotal. I donโ€™t know why the article is showing the VT results of the clean installer.

To answer the OP question, it would depend on what CIS settings it used, but most likely it would be auto-contained.