if WinRAR is in NullsoftInstaller, then...
evaluator
June 7th, 2010, 08:46
if WinRAR is in NullsoftInstaller, then... should be malware

ehm, malware hunt is so easy..
torrent:
magnet:?xt=urn:btih:PA7GLNF6CKG2YK7RM6BB7GOENR2AWQOD
evaluator
June 7th, 2010, 09:02
extract from Resource.
passw:
malware
esther
June 7th, 2010, 10:58
Quote:
[Originally Posted by evaluator;86749]extract from Resource.
passw:
malware
not detected on Avira, might be interesting

Woodmann
June 7th, 2010, 18:42
Howdy,
Comodo and Clamwin don't have a problem with it BUT,
Why is it trying to visit this IP 64.79.79.227 ?
Woodmann
Kayaker
June 8th, 2010, 00:25
Man, this thing's full of all kinds of shite. If you were to trace through it you'd see the strings decrypting and there's a reference to megabyet.net, which is a free web hosting site, IP 64.79.79.227. Looks for /patch2/update.php, 2NKstep1-auto and a bunch of other crap.
Not too interesting by itself I think, but might be if allowed to download the rest of its payload. There's a DeviceIoControl call that might expose an interesting driver somewhere in the mix...
evaluator
June 8th, 2010, 02:18
nah, it collects info about your PC.
DeviceIoControl used to get HD-serial.. NetCard...