× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 319bc6fa3b0c252246b33161bbb1b7bffcd7325664da14b7b8822afba53a2143
File name: cinst.exe
Detection ratio: 0 / 55
Analysis date: 2016-10-11 09:24:53 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware 20161011
AegisLab 20161011
AhnLab-V3 20161011
Alibaba 20161011
ALYac 20161011
Antiy-AVL 20161011
Arcabit 20161011
Avast 20161011
AVG 20161011
Avira (no cloud) 20161011
AVware 20161011
Baidu 20161011
BitDefender 20161011
Bkav 20161008
CAT-QuickHeal 20161010
ClamAV 20161011
CMC 20161011
Comodo 20161011
CrowdStrike Falcon (ML) 20160725
Cyren 20161011
DrWeb 20161011
Emsisoft 20161011
ESET-NOD32 20161011
F-Prot 20161011
F-Secure 20161011
Fortinet 20161011
GData 20161011
Ikarus 20161011
Sophos ML 20160928
Jiangmin 20161011
K7AntiVirus 20161011
K7GW 20161011
Kaspersky 20161011
Kingsoft 20161011
Malwarebytes 20161011
McAfee 20161011
McAfee-GW-Edition 20161011
Microsoft 20161011
eScan 20161011
NANO-Antivirus 20161011
nProtect 20161011
Panda 20161010
Qihoo-360 20161011
Rising 20161011
Sophos AV 20161011
SUPERAntiSpyware 20161011
Symantec 20161011
Tencent 20161015
TheHacker 20161011
TrendMicro 20161011
VBA32 20161010
VIPRE 20161011
ViRobot 20161011
Yandex 20161010
Zillya 20161010
Zoner 20161011
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2011 - Present, RealDimensions Software, LLC - All Rights Reserved.

Product chocolatey
Original name cinst.exe
Internal name cinst.exe
File version 0.9.10.0
Description chocolatey - shim
Comments chocolatey
Signature verification Signed file, verified signature
Signing date 6:26 PM 9/19/2016
Signers
[+] RealDimensions Software
Status Valid
Issuer DigiCert SHA2 Assured ID Code Signing CA
Valid from 1:00 AM 3/24/2016
Valid to 1:00 PM 3/28/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint C9F7FD1A91F078DB6BFCFCCE28B9749F8F2A0C38
Serial number 07 74 66 ED A2 67 6F 3A EC 92 17 D2 30 53 71 10
[+] DigiCert SHA2 Assured ID Code Signing CA
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 10/22/2013
Valid to 1:00 PM 10/22/2028
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 92C1588E85AF2201CE7915E8538B492F605B80C6
Serial number 04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 10/22/2014
Valid to 1:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbrint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbrint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-12 14:43:03
Entry Point 0x0000638E
Number of sections 3
.NET details
Module Version ID 3446635b-6fd8-4fa8-81c1-eeb21e61853e
TypeLib ID 6104579d-2ee7-414d-b467-aa4a1e2d440a
PE sections
Overlays
MD5 512e2611b63eb9d7feb90f5f096579ce
File type data
Offset 135168
Size 7312
Entropy 7.16
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 6
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
LegalTrademarks
chocolatey - RealDimensions Software, LLC

SubsystemVersion
4.0

Comments
chocolatey

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.9.10.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
chocolatey - shim

CharacterSet
Unicode

InitializedDataSize
117248

EntryPoint
0x638e

OriginalFileName
cinst.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2011 - Present, RealDimensions Software, LLC - All Rights Reserved.

FileVersion
0.9.10.0

TimeStamp
2016:06:12 15:43:03+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
cinst.exe

ProductVersion
0.9.10-beta1-435-g00e28e5 - shim 0.7.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
RealDimensions Software, LLC

CodeSize
17408

ProductName
chocolatey

ProductVersionNumber
0.9.10.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
0.9.10.0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
File identification
MD5 b3fc3cc59b3b0b57928805c69b982876
SHA1 d76565ca57ff1eab49733a6adebfc3d753fca54c
SHA256 319bc6fa3b0c252246b33161bbb1b7bffcd7325664da14b7b8822afba53a2143
ssdeep
3072:yq9aopGGCLOwstyhZFChcssc56FUrgxvbSD4UQrOZ:N914ShcHU1

authentihash 5d1270848bcec3a86287c7d3a6953f2f552a2068ec0804f7fe58e558811b4477
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 139.1 KB ( 142480 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit Mono/.Net assembly

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe assembly signed overlay

VirusTotal metadata
First submission 2016-09-19 19:32:54 UTC ( 2 years, 5 months ago )
Last submission 2016-09-19 19:32:54 UTC ( 2 years, 5 months ago )
File names cinst.exe
cinst.exe.old
cinst.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!