× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a934abd9613740403ccb498d45150f0bba5b56d71d375bdf8dd7bc962d4efefa
File name: cinst.exe
Detection ratio: 0 / 62
Analysis date: 2017-03-24 19:00:47 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware 20170324
AegisLab 20170324
AhnLab-V3 20170324
Alibaba 20170324
ALYac 20170324
Antiy-AVL 20170324
Arcabit 20170324
Avast 20170324
AVG 20170324
Avira (no cloud) 20170324
AVware 20170324
Baidu 20170323
BitDefender 20170324
Bkav 20170324
CAT-QuickHeal 20170324
ClamAV 20170324
CMC 20170324
Comodo 20170324
CrowdStrike Falcon (ML) 20170130
Cyren 20170324
DrWeb 20170324
Emsisoft 20170324
Endgame 20170317
ESET-NOD32 20170324
F-Prot 20170324
F-Secure 20170324
Fortinet 20170324
GData 20170324
Ikarus 20170324
Sophos ML 20170203
Jiangmin 20170324
K7AntiVirus 20170324
K7GW 20170324
Kaspersky 20170324
Kingsoft 20170324
Malwarebytes 20170324
McAfee 20170324
McAfee-GW-Edition 20170324
Microsoft 20170324
eScan 20170324
NANO-Antivirus 20170324
nProtect 20170324
Palo Alto Networks (Known Signatures) 20170324
Panda 20170324
Qihoo-360 20170324
Rising None
SentinelOne (Static ML) 20170315
Sophos AV 20170324
SUPERAntiSpyware 20170324
Symantec 20170324
Symantec Mobile Insight 20170324
Tencent 20170324
TheHacker 20170321
TotalDefense 20170324
TrendMicro 20170324
TrendMicro-HouseCall 20170324
Trustlook 20170324
VBA32 20170324
VIPRE 20170324
ViRobot 20170324
Webroot 20170324
WhiteArmor 20170315
Yandex 20170323
Zillya 20170323
ZoneAlarm by Check Point 20170324
Zoner 20170324
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
Copyright © 2013 - Present RealDimensions Software, LLC

Product ShimGen generated shim
Original name cinst.exe
Internal name cinst.exe
File version 0.5.1.0
Description ShimGen generated shim
Comments This is a shim that points to a particular file. It was generated by ShimGen (Shim Generator). The use of shimgen must comply with its proprietary license.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-07 00:11:37
Entry Point 0x0000638E
Number of sections 3
.NET details
Module Version ID be32aef8-0022-458d-b55a-3cd754df34da
TypeLib ID 6104579d-2ee7-414d-b467-aa4a1e2d440a
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This is a shim that points to a particular file. It was generated by ShimGen (Shim Generator). The use of shimgen must comply with its proprietary license.

InitializedDataSize
7168

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.5.1.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
ShimGen generated shim

CharacterSet
Unicode

LinkerVersion
11.0

EntryPoint
0x638e

OriginalFileName
cinst.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2013 - Present RealDimensions Software, LLC

FileVersion
0.5.1.0

TimeStamp
2015:03:07 01:11:37+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
cinst.exe

ProductVersion
0.5.1.4d3409c9

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
RealDimensions Software, LLC

CodeSize
17408

ProductName
ShimGen generated shim

ProductVersionNumber
0.5.1.4

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
0.5.1.0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
Compressed bundles
File identification
MD5 ee5a4885acf64550a9138a03dd8c72f6
SHA1 314df7bdc96f039f4e2f1fc5de3d1c84c1452558
SHA256 a934abd9613740403ccb498d45150f0bba5b56d71d375bdf8dd7bc962d4efefa
ssdeep
384:k+nqkSInmPh20cWgrO9UNixr0XXxhtGSGNZxbbbbGbZY4he9LL:RnXnmPsrq9iGNZxbbbbGbO4h6L

authentihash fe9981a21cd80f4bedc2cb7ee266770178b6fe1790a31c51dd5efd281a782676
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 24.5 KB ( 25088 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (63.1%)
Win64 Executable (generic) (23.8%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.7%)
Tags
peexe assembly

VirusTotal metadata
First submission 2015-03-09 17:21:08 UTC ( 3 years, 9 months ago )
Last submission 2015-03-09 17:21:08 UTC ( 3 years, 9 months ago )
File names dss_4925570287757803675.vq4uq3
cinst.exe
cinst.exe
dss_4676322324244315086.5r2atx
cinst.exe
dss_4956518482730315924.xa7zgb
cinst.exe
dss_5124912558214079759.8eer5i
dss_4926968391772113965.2hlke5
cinst.exe.old
dss_4663308692142744199.aca0pp
dss_4817288091801747814.bvkksp
dss_4738471663359938263.qnb7bv
cinst.exe
cinst.exe
cinst.exe
87edcd64-81da-426b-bd61-b14078e40bfe_1d2ab0ea6532868
cinst.exe
cinst.exe
dss_5631738961001931241.xqiybq
cinst.exe.9740_1.36360.partial
cinst.exe
dss_4688921597054921402.trmb5h
dss_5331107636821486981.urfkmn
dss_5709709152730742086.c9tvz4
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!