home

patchcimwin32.exe

Internet Explorer

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from emedia-networkservice.citroen.com.
Publisher:
Microsoft Corporation

Product:
Internet Explorer

Description:
Auto-extracteur de fichier CAB Win32

Version:
11.00.9600.16428 (winblue_gdr.131013-1700)

MD5:
67a51826b24e9e1f54406287b3698907

SHA-1:
13167179d0e439d5559290239ca9bb9ad114a1cf

SHA-256:
9c5bfd7113897cff56dd64a44d32a0b78e460c60891273e5c76bf3514bfe6ee5

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
12/27/2024 11:51:48 AM UTC  (today)

Scan engine
Detection
Engine version

Qihoo 360 Security
HEUR/QVM41.2.Malware.Gen
1.0.0.1015

File size:
483 KB (494,592 bytes)

Product version:
11.00.9600.16428

Copyright:
© Microsoft Corporation. Tous droits réservés.

Original file name:
WEXTRACT.EXE .MUI

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\downloads\patchcimwin32.exe

File PE Metadata
Compilation timestamp:
10/14/2013 7:50:27 AM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:5eFRQGCIIm1x/5GWp1icKAArDZz4N9GhbkrNEkPYserfp3qmfjNQT1/Z7QD9EAIi:mQGCIIm1p0yN90QEfZaMdgRfYOw

Entry address:
0x67CC

Entry point:
E8, 07, 0B, 00, 00, E9, 05, 00, 00, 00, CC, CC, CC, CC, CC, 6A, 58, 68, 68, 75, 40, 00, E8, BD, 0B, 00, 00, 33, DB, 89, 5D, E0, 89, 5D, FC, 8D, 45, 98, 50, FF, 15, 70, A1, 40, 00, C7, 45, FC, FE, FF, FF, FF, C7, 45, FC, 01, 00, 00, 00, 64, A1, 18, 00, 00, 00, 8B, 78, 04, 8B, F3, BA, EC, 88, 40, 00, 8B, CF, 33, C0, F0, 0F, B1, 0A, 85, C0, 74, 07, 3B, C7, 75, 16, 33, F6, 46, 83, 3D, F0, 88, 40, 00, 01, 75, 17, 6A, 1F, E8, 30, 09, 00, 00, 59, EB, 43, 68, E8, 03, 00, 00, FF, 15, 6C, A1, 40, 00, EB, C8, 39, 1D...
 
[+]

Code size:
25.5 KB (26,112 bytes)

The file patchcimwin32.exe has been seen being distributed by the following URL.

https://emedia-networkservice.citroen.com/AC/IFD/donnees/.../PatchCimwin32.exe

Scan patchcimwin32.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.