» express_invoice_software_for_managing_and_tracking_quotes_invoices_and_payments_download.exe
Overview
Analysis
File Details
Downloads (1)

express_invoice_software_for_managing_and_tracking_quotes_invoices_and_payments_download.exe

NCH Software

This is a setup program which is used to install the application. The file has been seen being downloaded from swvgdtt-gateway.amazon.com.

File name:

Publisher:

NCH Software (signed and verified)

MD5:

4417172d844c9e1c4b0d1e27c609f7ed

SHA-1:

c5f9999f37a655f320725fca7b245eafd9e00b9a

SHA-256:

e74e16e1ac73e735bbe4686c1deb3e05c5fecb32cb1ad0d063ab8df51950e5d9

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/14/2024 5:48:14 AM UTC (today)

File size:

815.8 KB (835,368 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\express_invoice_software_for_managing_and_tracking_quotes_invoices_and_payments_download.exe

Digital Signature

Signed by:

NCH Software

Authority:

thawte, Inc.

Valid from:

5/20/2015 8:00:00 PM

Valid to:

8/6/2017 7:59:59 PM

Subject:

CN=NCH Software, O=NCH Software, L=Canberra, S=Australian Capital Territory, C=AU

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

5EBD42C1ACDD772522B9502D936CDDCC

File PE Metadata

Compilation timestamp:

9/30/2014 8:46:55 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

24576:1K0zwVJ6ysiZQ6VWPEt239bOVgWpAManI+4m:FMVJ6oZQxPNlIw

Entry address:

0x209B

Entry point:

55, 8B, EC, 81, EC, 20, 04, 00, 00, 53, 56, 57, 6A, 63, 8D, 75, F0, E8, AA, FF, FF, FF, C7, 45, FC, 01, 00, 00, 00, 33, DB, 8D, 85, E4, FC, FF, FF, 50, 68, 04, 01, 00, 00, FF, 15, 1C, 10, 40, 00, FF, 75, FC, 8D, 85, E8, FD, FF, FF, 68, 64, 10, 40, 00, 50, FF, 15, 44, 10, 40, 00, 8D, B5, E4, FC, FF, FF, 8B, C6, 83, C4, 0C, 8D, 48, 01, 8A, 10, 40, 3A, D3, 75, F9, 2B, C1, B9, 02, 01, 00, 00, 3B, C1, 76, 02, 8B, C1, 33, D2, 3B, C3, 76, 31, 8A, 0E, 46, 3A, CB, 74, 0C, 88, 8C, 15, EC, FE, FF, FF, 42, 3B, D0, 72... 
[+]

Entropy:

7.9811

Developed / compiled with:

Microsoft Visual C++

The file express_invoice_software_for_managing_and_tracking_quotes_invoices_and_payments_download.exe has been seen being distributed by the following URL.

https://swvgdtt-gateway.amazon.com//gateway/stream/thin/win/6b5345f2-4e07-43d6-b8ed-a6b3e353583c/Express_Invoice_Software_for_Managing_and_Tracking_Quotes_Invoices_and_Payments_Downloader/.../Express_Invoice_Software_for_Managing_and_Tracking_Quotes_Invoices_and_Payments_Downloader.exe

Scan express_invoice_software_for_managing_and_tracking_quotes_invoices_and_payments_download.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.