» essetup.exe
Overview
Analysis
File Details
Programs (1)
Downloads (2)

essetup.exe

ExpressScribe

NCH Software

This is a self-extracting archive and installer. This is installed with Express Scribe. The file has been seen being downloaded from express-scribe.softonic.com and multiple other hosts.

File name:

essetup.exe

Publisher:

NCH Software (signed and verified)

Product:

ExpressScribe

Description:

Express Scribe

Version:

5.79ES+

MD5:

3705a6f86d21ee6638012f5795d28e0f

SHA-1:

f6b9a42d6315afd4fd56c794f4813cfd8ae386ba

SHA-256:

12208d44703a1a6cc5f9d76d7154ea30e9a42dea7c1fe907dbd69ca94bdf6470

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

12/28/2024 5:38:28 PM UTC (today)

File size:

904.2 KB (925,928 bytes)

Product version:

5.79ES+

NCH Software

Original file name:

Scribe.exe

File type:

Executable application (Win32 EXE)

Language:

English (Australia)

Common path:

C:\users\{user}\downloads\essetup.exe

Digital Signature

Signed by:

NCH Software

Authority:

Thawte, Inc.

Valid from:

7/5/2015 7:00:00 PM

Valid to:

8/6/2017 6:59:59 PM

Subject:

CN=NCH Software, O=NCH Software, L=Canberra, S=Australian Capital Territory, C=AU

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

58D9B9D38780932DD1CBC58A2AD28B1C

File PE Metadata

Compilation timestamp:

12/17/2014 7:47:27 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

24576:Cg11bQw4K//nrtEmGW8eBNU/3e0QOUiwvD3ms:JLT/nrdBNUW0QOUioWs

Entry address:

0x11D4

Entry point:

55, 8B, EC, 83, E4, F8, 81, EC, F4, 14, 00, 00, 53, 56, 57, E8, 03, FF, FF, FF, 33, DB, 3B, C3, 89, 44, 24, 14, 0F, 85, 3D, 03, 00, 00, 6A, 06, 53, FF, 15, 8C, 20, 40, 00, FF, 15, 2C, 20, 40, 00, 8B, C8, E8, 2E, 03, 00, 00, 85, C0, 74, 10, 68, 7C, 24, 40, 00, 68, 80, 24, 40, 00, FF, 15, 08, 20, 40, 00, 8D, 44, 24, 68, 50, FF, 15, 50, 20, 40, 00, F6, 84, 24, 94, 00, 00, 00, 01, 75, 0A, 66, C7, 84, 24, 98, 00, 00, 00, 01, 00, 8D, 84, 24, E0, 0C, 00, 00, 50, 68, 04, 01, 00, 00, FF, 15, 28, 20, 40, 00, 6A, 63... 
[+]

Entropy:

7.9946

Developed / compiled with:

Microsoft Visual C++

Code size:

1.5 KB (1,536 bytes)

The file essetup.exe has been discovered within the following program.

Express Scribe by NCH Software

During installation the program will offer the user to install the NCH Toolbar, an ad-supported web browser toolbar.

www.nch.com.au/scribe/index.html

24% remove it

The file essetup.exe has been seen being distributed by the following 2 URLs.

http://express-scribe.softonic.com/download-tracker?th=8yS3 KGEYLiw7GKMHzA/trmsvRChbxdrflJq3ZIylWseXQbxqvWy2ju7k9IwDnxpyVBcRIrtnkVc2TsLtPEMSkNU5PmueYXEwgSDdV5QB8OgEg/.../Md4Lb7 JHISGk=

http://www.nch.com.au/components/.../essetup.exe

Scan essetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.