pminst.exe

Patch Maker Install Program

Clickteam

This is a self-extracting archive and installer. The file has been seen being downloaded from www.clickteam.com.
Publisher:
Clickteam  (signed and verified)

Product:
Patch Maker Install Program

Version:
3, 0, 0, 51

MD5:
9540d093989c382f4c2f82081c2fdc72

SHA-1:
78b46a0d530907ab266a58dd67c9e4e1e422ab17

SHA-256:
5a548121c558f7a701033cc50488c0707f3e3d446aa4d1ac33991e23c3bf92c4

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/23/2024 8:39:26 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Click2.58301
9.0.1.0183

File size:
937 KB (959,504 bytes)

Product version:
3, 0, 0, 51

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\pminst.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/27/2010 4:00:00 AM

Valid to:
12/7/2012 3:59:59 AM

Subject:
CN=Clickteam, O=Clickteam, L=Paris, S=Paris, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
02FF949279C8E7AF181CA47447248B6E

File PE Metadata
Compilation timestamp:
3/24/2012 2:29:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:9zVGlicia5ZIxwdzniAXRUKM4QeNsf7qw+ieVbdRJRMjgCydkvaqC5u5GtnjeH2r:hkma5Cmdbi2vMR5fMVRJMOXnjNPq2

Entry address:
0x21E18

Entry point:
55, 8B, EC, 6A, FF, 68, 50, A8, 42, 00, 68, 50, 5C, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 20, A2, 42, 00, 33, D2, 8A, D4, 89, 15, F0, 3C, 43, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, EC, 3C, 43, 00, C1, E1, 08, 03, CA, 89, 0D, E8, 3C, 43, 00, C1, E8, 10, A3, E4, 3C, 43, 00, 33, F6, 56, E8, 8D, 02, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 11, 3C, 00, 00, FF, 15, B0, A1, 42, 00, A3, 58, 52, 43, 00, E8...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
164 KB (167,936 bytes)

The file pminst.exe has been seen being distributed by the following URL.

Scan pminst.exe - Powered by Reason Core Security