× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6cab59696f0d907533a69540d4d8aaa9c341cc2ec4cd5462cded1ae873ccdf8c
File name: essetup.exe
Detection ratio: 0 / 68
Analysis date: 2018-06-11 05:43:07 UTC ( 5 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware 20180611
AegisLab 20180611
AhnLab-V3 20180610
Alibaba 20180608
ALYac 20180611
Antiy-AVL 20180611
Arcabit 20180611
Avast 20180611
Avast-Mobile 20180610
AVG 20180611
Avira (no cloud) 20180610
AVware 20180611
Babable 20180406
Baidu 20180611
BitDefender 20180611
Bkav 20180609
CAT-QuickHeal 20180611
ClamAV 20180611
CMC 20180610
Comodo 20180611
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180611
Cyren 20180611
DrWeb 20180611
eGambit 20180611
Emsisoft 20180611
Endgame 20180507
ESET-NOD32 20180611
F-Prot 20180611
F-Secure 20180611
Fortinet 20180611
GData 20180611
Ikarus 20180610
Sophos ML 20180601
Jiangmin 20180611
K7AntiVirus 20180611
K7GW 20180611
Kaspersky 20180611
Kingsoft 20180611
Malwarebytes 20180611
MAX 20180611
McAfee 20180611
McAfee-GW-Edition 20180610
Microsoft 20180611
eScan 20180611
NANO-Antivirus 20180611
Palo Alto Networks (Known Signatures) 20180611
Panda 20180610
Qihoo-360 20180611
Rising 20180611
SentinelOne (Static ML) 20180225
Sophos AV 20180611
SUPERAntiSpyware 20180610
Symantec 20180610
Symantec Mobile Insight 20180605
TACHYON 20180608
Tencent 20180611
TheHacker 20180608
TotalDefense 20180611
TrendMicro 20180611
TrendMicro-HouseCall 20180611
Trustlook 20180611
VBA32 20180608
VIPRE 20180611
ViRobot 20180610
Webroot 20180611
Yandex 20180609
Zillya 20180608
ZoneAlarm by Check Point 20180611
Zoner 20180611
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
NCH Software

Product ExpressScribe
Original name Scribe.exe
Internal name Scribe
File version 7.01
Description Express Scribe Transcription Software
Signature verification Signed file, verified signature
Signing date 9:30 PM 5/7/2018
Signers
[+] NCH Software
Status Valid
Issuer thawte SHA256 Code Signing CA
Valid from 1:00 AM 6/20/2017
Valid to 12:59 AM 8/12/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 44B0F5447257258ACEAA023D320BC8DFCEB8FA51
Serial number 17 B7 A4 CB 0D AF 6C 32 93 32 70 F0 76 1D CE E0
[+] thawte SHA256 Code Signing CA
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint D00CFDBF46C98A838BC10DC4E097AE0152C461BC
Serial number 71 A0 B7 36 95 DD B1 AF C2 3B 2B 9A 18 EE 54 CB
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-25 00:08:33
Entry Point 0x000011D4
Number of sections 5
PE sections
Overlays
MD5 5ac374f59092655d263df1c821d90c24
File type data
Offset 981504
Size 13032
Entropy 7.35
PE imports
GetLastError
GetModuleFileNameW
WaitForSingleObject
FindResourceW
GetExitCodeProcess
ExitProcess
LoadLibraryA
VerSetConditionMask
SizeofResource
LockResource
GetCommandLineW
GetStartupInfoW
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
lstrcpyW
RemoveDirectoryW
GetTempPathW
CloseHandle
GetModuleHandleW
FreeLibrary
LoadResource
WriteFile
CreateFileW
SetupIterateCabinetW
ShellExecuteW
ShellExecuteExW
MessageBoxW
wsprintfW
CoInitializeEx
CoUninitialize
Number of PE resources by type
RT_ICON 2
Struct(99) 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.0.0.0

UninitializedDataSize
0

LanguageCode
English (Australian)

FileFlagsMask
0x0017

CharacterSet
Unicode

InitializedDataSize
978432

EntryPoint
0x11d4

OriginalFileName
Scribe.exe

MIMEType
application/octet-stream

LegalCopyright
NCH Software

FileVersion
7.01

TimeStamp
2016:10:25 01:08:33+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Scribe

ProductVersion
7.01

FileDescription
Express Scribe Transcription Software

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
NCH Software

CodeSize
2048

ProductName
ExpressScribe

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
PE resource-wise parents
File identification
MD5 1d4dd0d99abb2a74da953193b0e83aea
SHA1 eb320a5f067e053da48e235eef096357772992fc
SHA256 6cab59696f0d907533a69540d4d8aaa9c341cc2ec4cd5462cded1ae873ccdf8c
ssdeep
24576:IGQMkQ5hw6oqQ5UO9H3HToNui0/M+zmyQHhJEajeR7Ck:8y7ToUGXzoN1YM5yQHhJEGexP

authentihash 6bd23dafa7950710c21371039685f3409ee5458ce15b104a2f7fb06dd3804df9
imphash 96b80544389cff6b990a929a73e4967b
File size 971.2 KB ( 994536 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-05-08 22:06:47 UTC ( 6 months, 2 weeks ago )
Last submission 2018-07-16 17:02:52 UTC ( 4 months ago )
File names essetup.exe
6CAB59696F0D907533A69540D4D8AAA9C341CC2EC4CD5462CDED1AE873CCDF8C
essetup.exe
essetup.exe
expressscribe_etup.exe
essetup.exe
25-1-setup.exe
Scribe
Scribe.exe
essetup.exe
6CAB59696F0D907533A69540D4D8AAA9C341CC2EC4CD5462CDED1AE873CCDF8C.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Searched windows
Runtime DLLs