× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ca823ec28b078f3908c5a10cbef51a901ebc9e210d1162ffea92a92397dee6e4
File name: cipher
Detection ratio: 42 / 51
Analysis date: 2014-03-27 11:24:11 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.KD.828539 20140327
AhnLab-V3 Trojan/Win32.PornoAsset 20140327
AntiVir TR/Crypt.XPACK.Gen 20140327
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140327
Avast Win32:MalOb-LF [Trj] 20140327
AVG Crypt.BMQI 20140327
BitDefender Trojan.Generic.KD.828539 20140327
Bkav W32.Clod887.Trojan.fa09 20140327
CAT-QuickHeal Worm.Gamarue.B 20140327
CMC Packed.Win32.XpackX.3!O 20140326
Commtouch W32/Zbot.JB.gen!Eldorado 20140327
Comodo UnclassifiedMalware 20140327
DrWeb Trojan.PWS.Panda.2401 20140327
Emsisoft Trojan.Generic.KD.828539 (B) 20140327
ESET-NOD32 Win32/Spy.Zbot.AAO 20140327
F-Prot W32/Zbot.JB.gen!Eldorado 20140327
F-Secure Trojan.Generic.KD.828539 20140327
Fortinet W32/Zbot.ANQ!tr 20140327
GData Trojan.Generic.KD.828539 20140327
Ikarus Trojan-Ransom.Win32.PornoAsset 20140327
Jiangmin TrojanSpy.Zbot.czxi 20140327
K7AntiVirus EmailWorm ( 003247681 ) 20140326
K7GW EmailWorm ( 003247681 ) 20140326
Kaspersky HEUR:Trojan.Win32.Generic 20140327
Kingsoft Win32.Troj.Zbot.ie.(kcloud) 20140327
Malwarebytes Trojan.Zbot 20140327
McAfee Generic-FAJN!EE4F773DC187 20140327
McAfee-GW-Edition Generic-FAJN!EE4F773DC187 20140327
Microsoft PWS:Win32/Zbot 20140327
eScan Trojan.Generic.KD.828539 20140327
NANO-Antivirus Trojan.Win32.Obfuscate.bexujb 20140327
Norman Kryptik.BDQI 20140327
nProtect Trojan.Generic.KD.828539 20140327
Panda Trj/Genetic.gen 20140327
Qihoo-360 HEUR/Malware.QVM20.Gen 20140327
Sophos AV Mal/ZboCheMan-D 20140327
Symantec Packed.Generic.398 20140327
TheHacker Trojan/Kryptik.asbe 20140327
TrendMicro TSPY_ZBOT.BKA 20140327
TrendMicro-HouseCall TSPY_ZBOT.BKA 20140327
VBA32 SScope.Backdoor.IRCBot.3013 20140326
VIPRE Virtool.Win32.Obfuscator.acp (v) 20140326
AegisLab 20140327
Yandex 20140326
Baidu-International 20140327
ByteHero 20140327
ClamAV 20140327
Rising 20140327
SUPERAntiSpyware 20140327
TotalDefense 20140326
ViRobot 20140327
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name CIPHER.EXE
Internal name cipher
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description File Encryption Utility
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-06 15:06:48
Entry Point 0x000042B6
Number of sections 10
PE sections
PE imports
lstrcpyW
StrToIntA
GetKeyState
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2012:03:06 16:06:48+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
30720

LinkerVersion
11.0

FileAccessDate
2014:03:27 12:24:01+01:00

Warning
Error processing PE data dictionary

EntryPoint
0x42b6

InitializedDataSize
179200

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

FileCreateDate
2014:03:27 12:24:01+01:00

UninitializedDataSize
0

Compressed bundles
File identification
MD5 ee4f773dc18763afb9b04bf9bc8c9133
SHA1 6dc98909d5d33e294649d180d36f06bbcc265b0a
SHA256 ca823ec28b078f3908c5a10cbef51a901ebc9e210d1162ffea92a92397dee6e4
ssdeep
3072:rq2UahTOMPmE22w13mEHHgl/My/wDrHe8YT77gIlZXRBQaUfSm/VRjZ48uIK4A:OnahTRuES3mkAZMhCT7nXRg1/VRjru

imphash f7346febbe4008d8a4a11c2c8e335cc1
File size 206.0 KB ( 210944 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2013-01-17 03:51:28 UTC ( 5 years, 10 months ago )
Last submission 2013-01-19 22:22:05 UTC ( 5 years, 10 months ago )
File names 41rHNV.pps
CIPHER.EXE
ee4f773dc18763afb9b04bf9bc8c9133
87408c2fceabd40874fc2b161c962e12b9389184
aa
cipher
ee4f773dc18763afb9b04bf9bc8c9133
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!