SHA256: 19bb1a05791ee90485a12918e2e763bd10fda86425694ce42ca1c0c25bf51847
File name: CyberGhost VPN.exe
Detection ratio: 2 / 54
Analysis date: 2016-02-10 05:42:06 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160209
Zillya Trojan.SecurityShield.Win32.4823 20160209
Ad-Aware 20160210
AegisLab 20160210
Yandex 20160209
AhnLab-V3 20160209
Alibaba 20160204
Antiy-AVL 20160210
Arcabit 20160210
Avast 20160210
AVG 20160210
Avira (no cloud) 20160210
Baidu-International 20160209
BitDefender 20160210
Bkav 20160204
ByteHero 20160210
CAT-QuickHeal 20160210
ClamAV 20160210
CMC 20160205
Comodo 20160209
Cyren 20160210
DrWeb 20160210
Emsisoft 20160210
ESET-NOD32 20160210
F-Prot 20160210
F-Secure 20160210
Fortinet 20160210
GData 20160210
Ikarus 20160210
Jiangmin 20160210
K7AntiVirus 20160209
K7GW 20160210
Kaspersky 20160210
Malwarebytes 20160210
McAfee 20160210
McAfee-GW-Edition 20160210
Microsoft 20160210
eScan 20160210
NANO-Antivirus 20160210
nProtect 20160205
Panda 20160208
Qihoo-360 20160210
Sophos AV 20160210
SUPERAntiSpyware 20160210
Symantec 20160209
Tencent 20160210
TheHacker 20160208
TotalDefense 20160210
TrendMicro 20160210
TrendMicro-HouseCall 20160210
VBA32 20160209
VIPRE 20160210
ViRobot 20160210
Zoner 20160210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright mobile concepts GmbH
Product CyberGhost VPN
File version 1.0.0.0
Description CyberGhost VPN - Webinstaller
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x001CBF20
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
ImageList_Add
GetSaveFileNameA
SaveDC
CoInitialize
VariantCopy
OleLoadPicture
ShellExecuteA
VerQueryValueA
Number of PE resources by type
RT_BITMAP 43
RT_STRING 40
RT_GROUP_CURSOR 9
RT_CURSOR 9
RT_ICON 6
RT_RCDATA 5
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 103
GERMAN 12
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 110592
ImageVersion 0.0
ProductName CyberGhost VPN
FileVersionNumber 1.0.0.0
UninitializedDataSize 1269760
LanguageCode German
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Windows, Latin1
LinkerVersion 2.25
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
FileDescription CyberGhost VPN - Webinstaller
OSVersion 4.0
FileOS Win32
LegalCopyright mobile concepts GmbH
MachineType Intel 386 or later, and compatibles
CompanyName mobile concepts GmbH
CodeSize 614400
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x1cbf20
ObjectFileType Executable application

File identification
MD5 57c469f23b012eab249174b0aefb7bac
SHA1 f2d0dcb04b1011849e08b9a1aa897503ccb22d08
SHA256 19bb1a05791ee90485a12918e2e763bd10fda86425694ce42ca1c0c25bf51847
ssdeep 12288:VYr78QV1q6XEHjxa84YQ65FQLcCxB2FgUBVDZbU4xC78P:V64blYEQwuKBVDZgr78P
authentihash c33f73cbd219358e646da67b11c82a7d2b35aa3953717dc86c64f520332078eb
imphash 76d0ae513220c0866af4075ca39bf4fd
File size 705.5 KB ( 722432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (40.8%)
Win32 EXE Yoda's Crypter (40.1%)
Win32 Executable (generic) (6.8%)
Win16/32 Executable Delphi generic (3.1%)
OS/2 Executable (generic) (3.0%)
Tags
peexe upx

VirusTotal metadata
First submission 2008-03-14 03:37:35 UTC ( 11 years ago )
Last submission 2018-04-24 20:46:18 UTC ( 11 months ago )
File names smona132017162395260964675
TXTFPCCP.exe
CGWebInstall.exe
1285531203-CGWebInstall.exe
442108
19BB1A05791EE90485A12918E2E763BD10FDA86425694CE42CA1C0C25BF51847.exe
output.10239694.txt
smona131331834184384130696
19BB1A05791EE90485A12918E2E763BD10FDA86425694CE42CA1C0C25BF51847.exe
file-3058420_exe
smona132417350726419257704
smona131153461431364400065
10239694
57C469F23B012EAB249174B0AEFB7BAC
CyberGhost VPN.exe
vpn.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight