home

csginst.exe

AdtrustMedia Seacrh Engine Management SDK

Adtrustmedia, LLC

The application csginst.exe by Adtrustmedia has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.download.comodo.com.
Publisher:
AdTrustMedia  (signed by Adtrustmedia, LLC)

Product:
AdtrustMedia Seacrh Engine Management SDK

Version:
1, 1, 384082, 58

MD5:
24e01766ca5e322af46baab473eb6da6

SHA-1:
c9575aa11bb4f6d60f92cc1dd6ebaacbe51b6f48

SHA-256:
907c108f32e6c225fc4b2551b042ae0218e7341eb34266543dc8cf2047df456d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Displays advertising 'Trusted Advertisements' in the user's web browser in pages that normally would not show ads. Ads from AdTrustMedia are indicated by "AT-M Ad" displayed on the bottom right of the advertisement.

Analysis date:
5/15/2025 7:37:50 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Adtrustm (M)
16.4.7.1

File size:
1.5 MB (1,542,056 bytes)

Product version:
1, 1, 384082, 58

Copyright:
2016 Adtrustmedia, LLC. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\csginst.exe

Digital Signature
Signed by:
Adtrustmedia, LLC

Authority:
COMODO CA Limited

Valid from:
2/26/2016 7:00:00 AM

Valid to:
2/26/2019 6:59:59 AM

Subject:
CN="Adtrustmedia, LLC", O="Adtrustmedia, LLC", STREET="41 Watchung Plaza \#330", L=Montclair, S=New Jersey, PostalCode=07042, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7CA1D2BDF1931FE0463AB7FE748A69FA

File PE Metadata
Compilation timestamp:
3/17/2016 12:12:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
24576:Qem7zL436A3U7a+juiZtxOZyHo+jJGZsELKLkzT227/Vp1WUrsab14bv:QR036Ak7ootcebJasEeLMtp1nIv

Entry address:
0x32E71

Entry point:
E8, 1C, 06, 00, 00, E9, 80, FE, FF, FF, 3B, 0D, 14, 40, 48, 00, F2, 75, 02, F2, C3, F2, E9, D7, 09, 00, 00, E9, 4E, 16, 00, 00, 55, 8B, EC, 5D, E9, C5, 05, 00, 00, E9, ED, FF, FF, FF, 53, 56, 57, 6A, 00, 68, A0, 0F, 00, 00, 68, 90, 52, 48, 00, E8, 89, F8, 01, 00, 83, C4, 0C, 68, 20, 64, 46, 00, FF, 15, 8C, 62, 46, 00, 8B, F0, 85, F6, 0F, 84, 8C, 00, 00, 00, 68, 3C, 64, 46, 00, 56, FF, 15, 90, 62, 46, 00, 68, 58, 64, 46, 00, 56, 8B, D8, FF, 15, 90, 62, 46, 00, 68, 74, 64, 46, 00, 56, 8B, F8, FF, 15, 90, 62...
 
[+]

Code size:
401 KB (410,624 bytes)

The file csginst.exe has been seen being distributed by the following URL.

http://cdn.download.comodo.com/ccav/.../csgInst.exe

Remove csginst.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.