cain20.exe

This is a setup program which is used to install the application.
MD5:
a14185fafc1a0a433752a75c0b8ce15d

SHA-1:
8f310d3becc4d18803af31575e8035b44fe37418

SHA-256:
970fde28edb741dca6f838f55ad56fb4d614f6f7dd6beab25137f5f6535ad81c

Scanner detections:
28 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/23/2024 3:32:57 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Pwcrack.Cain.GQ
1094

AegisLab AV Signature
Packer.Multi.SuspiciousPacker
2.1.4+

AhnLab V3 Security
Win-Trojan/Agent2.M.676652
2014.02.05

Avira AntiVirus
BDS/Cain.2.0
7.11.129.90

avast!
Win32:PUP-gen [PUP]
2014.9-140205

Baidu Antivirus
HackTool.Win32.Cain
4.0.3.1425

Bitdefender
Application.Pwcrack.Cain.GQ
1.0.20.180

Comodo Security
UnclassifiedMalware
17730

ESET NOD32
Win32/CainAbel.AC potentially unsafe application
6.3

Fortinet FortiGate
W32/Cain.20!tr
2/5/2014

F-Prot
W32/MalwareF.CVDK
4.6.5.141

F-Secure
Application.Pwcrack.Cain
11.2014-05-02_4

G Data
Application.Pwcrack.Cain.GQ
14.2.24

IKARUS anti.virus
PSWTool.Cain
t3scan.2.2.29

K7 AntiVirus
Hacktool
13.175.11064

Kaspersky
not-a-virus:PSWTool.Win32.Cain
14.0.0.4356

Malwarebytes
PSWTool.Cain
v2014.02.05.08

McAfee
Generic PUP.g
5600.7228

Microsoft Security Essentials
HackTool:Win32/Cain
1.225.3703.0

MicroWorld eScan
Application.Pwcrack.Cain.GQ
15.0.0.108

NANO AntiVirus
Riskware.Win32.Cain.hrrt
0.28.0.57630

nProtect
Abuse-Worry/W32.Cain.676652
14.02.04.02

Panda Antivirus
Generic Malware
14.02.05.08

Rising Antivirus
PE:Trojan.Win32.Generic.12A32A6E!312683118
23.00.65.14203

Sophos
Troj/Cain-20
4.97

VIPRE Antivirus
Cain & Abel (not malicious)
26134

ViRobot
PSWTool.Cain.676652.A
2011.4.7.4223

XVirus List
Win.Detected
2.3.31

File size:
660.8 KB (676,652 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\cain20.exe

File PE Metadata
Compilation timestamp:
5/27/1997 6:03:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
4.20

CTPH (ssdeep):
12288:iBSOEvY6xJk2GcHCuXFb7pDdBaKFJKa1xZ+sOY2mDCE5ktP/wPwr9UlaE4N:ZvY6xrGciqbdjaKFJKaHZ2YZDCES/frT

Entry address:
0x31A0

Entry point:
64, A1, 00, 00, 00, 00, 55, 8B, EC, 6A, FF, 68, 00, 50, 40, 00, 68, 40, 48, 40, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 60, 53, 56, 57, 89, 65, E8, FF, 15, 80, 82, 40, 00, A3, BC, 62, 40, 00, 33, C0, A0, BD, 62, 40, 00, A3, C8, 62, 40, 00, A1, BC, 62, 40, 00, C1, 2D, BC, 62, 40, 00, 10, 25, FF, 00, 00, 00, A3, C4, 62, 40, 00, C1, E0, 08, 03, 05, C8, 62, 40, 00, A3, C0, 62, 40, 00, E8, 9A, 01, 00, 00, 85, C0, 75, 0A, 6A, 1C, E8, 2F, 01, 00, 00, 83, C4, 04, C7, 45, FC, 00, 00, 00, 00, E8, 40, 14, 00, 00...
 
[+]

Entropy:
7.9787

Developed / compiled with:
Microsoft Visual C++ v4.2

Code size:
15.5 KB (15,872 bytes)

The file cain20.exe has been seen being distributed by the following 2 URLs.

temp:cain20.exe

Scan cain20.exe - Powered by Reason Core Security