home

csginst.exe

AdTrustMedia Seacrh Engine Management SDK

Adtrustmedia, LLC

The application csginst.exe by Adtrustmedia has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from download.adtrustmedia.com.
Publisher:
AdTrustMedia  (signed by Adtrustmedia, LLC)

Product:
AdTrustMedia Seacrh Engine Management SDK

Version:
1, 6, 397421, 72

MD5:
6b9241eba551ee65b84b0650ff25035e

SHA-1:
802b027e34b19d3f808971130a1618b9b4303153

SHA-256:
3ec19c4c71aa42d21a8b868a2471e44b903fb9efe30a6be90d9e584187b6be50

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Displays advertising 'Trusted Advertisements' in the user's web browser in pages that normally would not show ads. Ads from AdTrustMedia are indicated by "AT-M Ad" displayed on the bottom right of the advertisement.

Analysis date:
5/5/2024 7:55:53 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.8.17.17

File size:
1.3 MB (1,342,376 bytes)

Product version:
1, 6, 397421, 72

Copyright:
2016 Adtrustmedia, LLC. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\syswow64\config\systemprofile\appdata\local\temp\csginst.exe

Digital Signature
Signed by:
Adtrustmedia, LLC

Authority:
COMODO CA Limited

Valid from:
2/25/2016 4:00:00 PM

Valid to:
2/25/2019 3:59:59 PM

Subject:
CN="Adtrustmedia, LLC", O="Adtrustmedia, LLC", STREET="41 Watchung Plaza \#330", L=Montclair, S=New Jersey, PostalCode=07042, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7CA1D2BDF1931FE0463AB7FE748A69FA

File PE Metadata
Compilation timestamp:
8/16/2016 7:23:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
24576:LgFyScdmRTMWDpKEaA8Y5q8hJn6hs2rkwFgjybUNcUig33dTBYtwzRjJl:cFwdmBMGKEMy5hl6e2tFLbUN9d9YIRjb

Entry address:
0x1F207

Entry point:
E8, 84, 06, 00, 00, E9, 80, FE, FF, FF, 3B, 0D, 14, 60, 46, 00, F2, 75, 02, F2, C3, F2, E9, 41, 0A, 00, 00, E9, D9, 16, 00, 00, 55, 8B, EC, F6, 45, 08, 01, 56, 8B, F1, C7, 06, F4, B3, 44, 00, 74, 0A, 6A, 0C, 56, E8, BE, 04, 00, 00, 59, 59, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 5D, E9, A1, 05, 00, 00, E9, CA, FF, FF, FF, 53, 56, 57, 6A, 00, 68, A0, 0F, 00, 00, 68, C0, 76, 46, 00, E8, 40, 99, 01, 00, 83, C4, 0C, 68, 38, 7D, 45, 00, FF, 15, 6C, B2, 44, 00, 8B, F0, 85, F6, 0F, 84, 8C, 00, 00, 00, 68, F8, B3...
 
[+]

Entropy:
6.7353

Code size:
295.5 KB (302,592 bytes)

The file csginst.exe has been seen being distributed by the following URL.

http://download.adtrustmedia.com/csg/.../csgInst.exe

Remove csginst.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.