» cain20.exe
Overview
Analysis
File Details
Downloads (2)

cain20.exe

This is a setup program which is used to install the application.

File name:

cain20.exe

MD5:

a14185fafc1a0a433752a75c0b8ce15d

SHA-1:

8f310d3becc4d18803af31575e8035b44fe37418

SHA-256:

970fde28edb741dca6f838f55ad56fb4d614f6f7dd6beab25137f5f6535ad81c

Scanner detections:

28 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/24/2024 5:44:53 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Pwcrack.Cain.GQ

1094

AegisLab AV Signature

Packer.Multi.SuspiciousPacker

2.1.4+

AhnLab V3 Security

Win-Trojan/Agent2.M.676652

2014.02.05

Avira AntiVirus

BDS/Cain.2.0

7.11.129.90

avast!

Win32:PUP-gen [PUP]

2014.9-140205

Baidu Antivirus

HackTool.Win32.Cain

4.0.3.1425

Bitdefender

Application.Pwcrack.Cain.GQ

1.0.20.180

Comodo Security

UnclassifiedMalware

17730

ESET NOD32

Win32/CainAbel.AC potentially unsafe application

6.3

Fortinet FortiGate

W32/Cain.20!tr

2/5/2014

F-Prot

W32/MalwareF.CVDK

4.6.5.141

F-Secure

Application.Pwcrack.Cain

11.2014-05-02_4

G Data

Application.Pwcrack.Cain.GQ

14.2.24

IKARUS anti.virus

PSWTool.Cain

t3scan.2.2.29

K7 AntiVirus

Hacktool

13.175.11064

Kaspersky

not-a-virus:PSWTool.Win32.Cain

14.0.0.4356

Malwarebytes

PSWTool.Cain

v2014.02.05.08

McAfee

Generic PUP.g

5600.7228

Microsoft Security Essentials

HackTool:Win32/Cain

1.225.3703.0

MicroWorld eScan

Application.Pwcrack.Cain.GQ

15.0.0.108

NANO AntiVirus

Riskware.Win32.Cain.hrrt

0.28.0.57630

nProtect

Abuse-Worry/W32.Cain.676652

14.02.04.02

Panda Antivirus

Generic Malware

14.02.05.08

Rising Antivirus

PE:Trojan.Win32.Generic.12A32A6E!312683118

23.00.65.14203

Sophos

Troj/Cain-20

4.97

VIPRE Antivirus

Cain & Abel (not malicious)

26134

ViRobot

PSWTool.Cain.676652.A

2011.4.7.4223

XVirus List

Win.Detected

2.3.31

File size:

660.8 KB (676,652 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\cain20.exe

File PE Metadata

Compilation timestamp:

5/27/1997 6:03:53 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

4.20

CTPH (ssdeep):

12288:iBSOEvY6xJk2GcHCuXFb7pDdBaKFJKa1xZ+sOY2mDCE5ktP/wPwr9UlaE4N:ZvY6xrGciqbdjaKFJKaHZ2YZDCES/frT

Entry address:

0x31A0

Entry point:

64, A1, 00, 00, 00, 00, 55, 8B, EC, 6A, FF, 68, 00, 50, 40, 00, 68, 40, 48, 40, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 60, 53, 56, 57, 89, 65, E8, FF, 15, 80, 82, 40, 00, A3, BC, 62, 40, 00, 33, C0, A0, BD, 62, 40, 00, A3, C8, 62, 40, 00, A1, BC, 62, 40, 00, C1, 2D, BC, 62, 40, 00, 10, 25, FF, 00, 00, 00, A3, C4, 62, 40, 00, C1, E0, 08, 03, 05, C8, 62, 40, 00, A3, C0, 62, 40, 00, E8, 9A, 01, 00, 00, 85, C0, 75, 0A, 6A, 1C, E8, 2F, 01, 00, 00, 83, C4, 04, C7, 45, FC, 00, 00, 00, 00, E8, 40, 14, 00, 00... 
[+]

Entropy:

7.9787

Developed / compiled with:

Microsoft Visual C++ v4.2

Code size:

15.5 KB (15,872 bytes)

The file cain20.exe has been seen being distributed by the following 2 URLs.

temp:cain20.exe

http://www.oxid.it/.../cain20.exe

Scan cain20.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.