imscinst.exe

It is set to execute automatically when any user logs into Windows, through the all-users Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the name ‘MSPY2002’.
Scan imscinst.exe - Powered by Reason Core Security
MD5:
1a5e0b7d1f50b226de474b9236552660

SHA-1:
c60e4cabad331e8680c47b61c2a5a1a58a1c715f

SHA-256:
6d5be4df3e1b5c886cdbe3b3efe79e0c048b21ced6eb00c01a544d32e1800606

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/6/2016 1:13:54 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.30.172 |
| avast! | Win32:Crypt-KOW [Trj] | 140608-0 |
| IKARUS anti.virus | Trojan.Crypt | t3scan.1.6.1.0 |
| Kingsoft AntiVirus | Win32.Malware.Heur_Generic.A.(kcloud) | 331020.49267 |

File size:
91 KB (93,184 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\ime\pintlgnt\imscinst.exe

File PE Metadata
Compilation timestamp:
4/11/2008 10:48:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.1

CTPH (ssdeep):
1536:cJN5tM49Ik/HWKg1A67JfWtrIa0Uy4VtJHfoAJrvMtc:cJrSWps7JfMUa0Uy4VtJH3rvoc

Entry address:
0x8443

Entry point:
6A, 60, 68, C0, 33, 00, 01, E8, 2D, 13, 00, 00, 33, DB, 89, 5D, FC, 8D, 45, A4, 50, FF, 15, E4, 10, 00, 01, 83, 4D, FC, FF, BF, 94, 00, 00, 00, 8B, C7, E8, 62, 13, 00, 00, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, E0, 10, 00, 01, 8B, 4E, 10, 89, 0D, 6C, 02, 01, 01, 8B, 46, 04, A3, 78, 02, 01, 01, 8B, 56, 08, 89, 15, 7C, 02, 01, 01, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 70, 02, 01, 01, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 70, 02, 01, 01, C1, E0, 08, 03, C2, A3, 74, 02, 01, 01, 66, 81, 3D...
 

Entropy:
6.8368

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
54.5 KB (55,808 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MSPY2002

Command:
C:\Windows\System32\ime\pintlgnt\imscinst.exe \sync

