home

csginst.exe

AdTrustMedia Seacrh Engine Management SDK

Adtrustmedia, LLC

The application csginst.exe by Adtrustmedia has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.download.comodo.com.
Publisher:
AdTrustMedia  (signed by Adtrustmedia, LLC)

Product:
AdTrustMedia Seacrh Engine Management SDK

Version:
1, 2, 386327, 60

MD5:
baa48c652e3f59ea9935613f2f8aad6f

SHA-1:
2e551afb62847523406af152dc6024e16f5a6dd4

SHA-256:
b02e96fe53ae3cc263a0071eab0f4c9afdb7cd1177f99d813266b2ebee32bfda

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Displays advertising 'Trusted Advertisements' in the user's web browser in pages that normally would not show ads. Ads from AdTrustMedia are indicated by "AT-M Ad" displayed on the bottom right of the advertisement.

Analysis date:
5/15/2025 4:58:24 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Adtrustm (M)
16.4.15.12

File size:
1.4 MB (1,481,128 bytes)

Product version:
1, 2, 386327, 60

Copyright:
2016 Adtrustmedia, LLC. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\csginst.exe

Digital Signature
Signed by:
Adtrustmedia, LLC

Authority:
COMODO CA Limited

Valid from:
2/26/2016 1:00:00 AM

Valid to:
2/26/2019 12:59:59 AM

Subject:
CN="Adtrustmedia, LLC", O="Adtrustmedia, LLC", STREET="41 Watchung Plaza \#330", L=Montclair, S=New Jersey, PostalCode=07042, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7CA1D2BDF1931FE0463AB7FE748A69FA

File PE Metadata
Compilation timestamp:
4/11/2016 12:52:56 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
24576:gbAmMEw7tl1jvKAAorw0RB2UpTXGWekrC35DY9v6X0qw8LoO21+N0VOriXgM2Q:sE7tltvK4rtB3TdekO3JYC0q7+1+NygG

Entry address:
0x30EB1

Entry point:
E8, 84, 06, 00, 00, E9, 80, FE, FF, FF, 3B, 0D, 14, D0, 47, 00, F2, 75, 02, F2, C3, F2, E9, 47, 0A, 00, 00, E9, AE, 16, 00, 00, 55, 8B, EC, F6, 45, 08, 01, 56, 8B, F1, C7, 06, E4, E3, 45, 00, 74, 0A, 6A, 0C, 56, E8, BE, 04, 00, 00, 59, 59, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 5D, E9, A1, 05, 00, 00, E9, CA, FF, FF, FF, 53, 56, 57, 6A, 00, 68, A0, 0F, 00, 00, 68, A0, E2, 47, 00, E8, D6, 9C, 01, 00, 83, C4, 0C, 68, E8, E3, 45, 00, FF, 15, 5C, E2, 45, 00, 8B, F0, 85, F6, 0F, 84, 8C, 00, 00, 00, 68, 04, E4...
 
[+]

Code size:
370 KB (378,880 bytes)

The file csginst.exe has been seen being distributed by the following URL.

http://cdn.download.comodo.com/ccav/.../csgInst.exe

Remove csginst.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.