swinst4.exe

Microsoft Plus! for Windows 95

Macromedia, Inc.

Although the file properties name 'Microsoft Corporation' as the developer, this is not the case: the file is designed to look like a legitimate Microsoft system file. The executable swinst4.exe, “Win32 Cabinet Self-Extractor”, has been detected as malware by 10 anti-virus scanners.
Publisher:
Microsoft Corporation  (signed by Macromedia, Inc.)

Product:
Microsoft® Plus! for Windows® 95

Description:
Win32 Cabinet Self-Extractor

Version:
4.70.1153

MD5:
8415c33bb428b4848ded8dca253c872f

SHA-1:
0417f8aafa020c0a4d356c8d256c5b6058dd8feb

SHA-256:
eccb5f411ee897dddb59ae1fe5df465f1b5c7ea672ad8d636f8b6b4d5a689da0

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
12/25/2024 8:05:55 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | W95/CIH | 8.3.2.2 |
| avast! | Win32:CIH-G@dam | 2014.9-151110 |
| AVG | Win32/Small | 2016.0.2930 |
| Comodo Security | UnclassifiedMalware | 23291 |
| G Data | Win32.Trojan.Agent.IQJGLU | 15.11.25 |
| IKARUS anti.virus | W95.Cih | t3scan.1.9.5.0 |
| McAfee | Artemis!8415C33BB428 | 5600.6586 |
| Qihoo 360 Security | Win32/Trojan.95e | 1.0.0.1015 |
| Rising Antivirus | PE:Virus.CIH_Body!1.9B6A[F1] | 23.00.65.151108 |
| VIPRE Antivirus | Trojan.Win32.Generic | 44014 |

File size:
985.9 KB (1,009,600 bytes)

Product version:
4.70.1153

Copyright:
Copyright © Microsoft Corp. 1995

Original file name:
WEXTRACT.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\windows 95 osr2 (rus).ver.950.4.00.1111.russian\osr2fin.rus\swinst4.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/31/1996 11:00:00 AM

Valid to:
7/30/1997 10:59:59 AM

Subject:
CN="Macromedia, Inc.", L=San Francisco, S=California, C=US, OU="www.verisign.com/repository/CPS Incorp. by Ref.,LIAB.LTD(c)96", OU=Digital ID Class 3 - Microsoft Software Validation, OU=VeriSign Commercial Software Publishers CA, O="VeriSign, Inc.", L=Internet

Issuer:
OU=VeriSign Commercial Software Publishers CA, O="VeriSign, Inc.", L=Internet

Serial number:
6DF515850C3C10885597884AABAA6610

File PE Metadata
Compilation timestamp:
8/3/1996 10:30:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.10

CTPH (ssdeep):
24576:2eCCRMASx/8DBeZTDVkWoMZF4T5gx3AFqV:WCRgdsBUdkJMZfyc

Entry address:
0x9C90

Entry point:
64, A1, 00, 00, 00, 00, 55, 8B, EC, 6A, FF, 68, 00, E0, 40, 00, 68, B0, BD, 40, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 60, 53, 56, 57, 89, 65, E8, FF, 15, 7C, 84, 41, 00, A3, B4, FA, 40, 00, 33, C0, A0, B5, FA, 40, 00, A3, C0, FA, 40, 00, A1, B4, FA, 40, 00, C1, 2D, B4, FA, 40, 00, 10, 25, FF, 00, 00, 00, A3, BC, FA, 40, 00, C1, E0, 08, 03, 05, C0, FA, 40, 00, A3, B8, FA, 40, 00, E8, 9A, 20, 00, 00, E8, A5, 1F, 00, 00, 85, C0, 75, 0A, 6A, 10, E8, 2A, 01, 00, 00, 83, C4, 04, C7, 45, FC, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++ v4.2

Code size:
49 KB (50,176 bytes)
