» CinemaNowShell.EXE
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

CinemaNowShell.EXE

CinemaNow Media Manager

Cinemanow, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘CinemaNowMediaManagerApp’. This is installed with CinemaNow Media Manager.

File name:

CinemaNowShell.EXE

Publisher:

CinemaNow Inc. (signed by Cinemanow, Inc.)

Product:

CinemaNow Media Manager

Version:

1, 5, 0, 23

MD5:

d58962ca7804c47f7a376dee1556e257

SHA-1:

efca5225b6606e43b05344e12829241a78db5930

SHA-256:

1ea6887323f09fc9907a0cbda24965da651498911af8693b136694683a36f69d

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 9:53:16 PM UTC (today)

File size:

1.8 MB (1,876,840 bytes)

Product version:

1, 5, 0, 23

Original file name:

CinemaNowShell.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\cinemanow\cinemanow media manager\cinemanowshell.exe

Digital Signature

Signed by:

Cinemanow, Inc.

Authority:

VeriSign, Inc.

Valid from:

11/1/2006 8:00:00 PM

Valid to:

11/28/2009 6:59:59 PM

Subject:

CN="Cinemanow, Inc.", OU=Cinemanow, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Cinemanow, Inc.", L=Marina Del Rey, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

6A30C72FBF0E978D40C946ECBFED0E2A

File PE Metadata

Compilation timestamp:

8/14/2008 6:30:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:CdjMDQHD5nQS0F++tKc8uGtVkhxRBymt8VGeQcV9lOdyyRCpanGvgkGvgm:s7BQzntqkhxRaVGen9lOdnianU

Entry address:

0x946F8

Entry point:

E8, 11, F6, 00, 00, E9, 16, FE, FF, FF, 8B, 44, 24, 04, 66, 8B, 08, 40, 40, 66, 85, C9, 75, F6, 2B, 44, 24, 04, D1, F8, 48, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, B8, AD, 4E, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, B8, AD, 4E, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D... 
[+]

Entropy:

6.8233

Code size:

744.5 KB (762,368 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

CinemaNowMediaManagerApp

Command:

C:\Program Files\cinemanow\cinemanow media manager\cinemanowshell.exe -start

The file CinemaNowShell.EXE has been discovered within the following program.

CinemaNow Media Manager by CinemaNow, Inc.

CinemaNow Media Manager software, also called CNMM , is installed onto your PC from the HP MediaSmart Installation CD. This software controls the queuing, downloading, and viewing of movies and other videos from CinemaNow.

www.cinemanow.com

About 1% of users remove it

Scan CinemaNowShell.EXE - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.