expressinvoice.exe

ExpressInvoice

NCH Software

Publisher:
NCH Software

Product:
ExpressInvoice

Description:
Express Invoice

Version:
3.49+

MD5:
a8f85688ff64b62635fffca1c6624ea1

SHA-1:
1e252e3aa8b64e8f0de2db168c46d30635decbce

SHA-256:
8bc8b1b82b39ff38284df90db05899fa5e91324c8bbe16acfab5f38bdc0a9083

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/15/2024 2:35:31 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | Adware.Win32.Conduit | 4.0.3.14420 |
| Bkav FE | W32.HfsAutoA | 1.3.0.4924 |
| ESET NOD32 | Win32/Toolbar.Conduit (variant) | 8.9399 |

File size:
1.9 MB (1,987,588 bytes)

Copyright:
NCH Software

File type:
Executable application (Win32 EXE)

Language:
English (Australia)

Common path:
C:\Program Files\nch software\expressinvoice\expressinvoice.exe

File PE Metadata
Compilation timestamp:
1/29/2012 11:39:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:AAiTHooFxZQPjKfKtYxibRLYlMe9W7oMb1Q1s4bYUt5SJ4DYgwY:AAi7gjKfFEbeUUkyFgJ3Y

Entry address:
0x17029F

Entry point:
E8, 89, B4, 00, 00, E9, 16, FE, FF, FF, 56, 57, 33, F6, BF, B8, 77, 58, 00, 83, 3C, F5, 6C, 40, 48, 00, 01, 75, 1E, 8D, 04, F5, 68, 40, 48, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, E8, 07, B5, 00, 00, 85, C0, 59, 59, 74, 0C, 46, 83, FE, 24, 7C, D2, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 68, 40, 48, 00, 00, 33, C0, EB, F1, 53, 8B, 1D, A4, 12, 40, 00, 56, BE, 68, 40, 48, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, D7, 1E, 00, 00, 83, 26, 00, 59, 83, C6, 08, 81, FE, 88...
 

Entropy:
6.2190

The file expressinvoice.exe has been discovered within the following programs.

Express Invoice  by NCH Software
Publisher's description - “Express Invoice is professional invoicing software for Windows that allows you to manage client accounts, create invoices, and apply payments. You can then print, e-mail, or fax your invoices to your clients directly from the application.”
www.nchsoftware.com
20% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to pair.audiochannel.net  (66.39.83.117:80)

TCP (HTTP):
Connects to advanced1062.inmotionhosting.com  (173.247.250.125:80)
