expressview_8.exe

Envisioneer

Cadsoft Corporation

The application expressview_8.exe by Cadsoft has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program ExpressView 8 by Cadsoft Corporation.
Publisher:
Cadsoft Corp. (signed by Cadsoft Corporation)

Product:
Envisioneer

Version:
8.2.0.1108

MD5:
6fdd851cdb827d2a684c0126864c7f61

SHA-1:
138c809a5832d347ceb29b4a61201a31e25c69e9

SHA-256:
2fc6204bd84e3c9f52323f9762a81c96a58cea772ba13d3c21b81bb1a74724ef

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/27/2024 9:43:58 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.CadsoftCorporation

Engine version:
15.3.6.4

File size:
672.4 KB (688,536 bytes)

Product version:
8.2.0.1108

Copyright:
Copyright 2011

Original file name:
Envisioneer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cadsoft\expressview 8\bin\expressview_8.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/28/2012 11:19:37 PM

Valid to:
3/29/2013 10:19:37 PM

Subject:
E=support@cadsoft.com, CN=Cadsoft Corporation, O=Cadsoft Corporation, L=Guelph, S=ON, C=CA

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121832E553260C195EFF0851543EA5F4BD4

File PE Metadata
Compilation timestamp:
2/8/2013 5:23:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:/XRJQ/iqPKrWzkvIY7yFeHeuZkImS42CBn1+EOp7CRe:/hJWiquWzk+FeHx2Iy2O8NCc

Entry address:
0x52C3D

Entry point:
E8, 36, 06, 00, 00, E9, DD, FC, FF, FF, CC, 68, 2E, 25, 45, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 38, 57, 47, 00, 31, 45, FC, 33, C5, 89, 45, E4, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, E4, 33, CD, E8, F6, F6, FF, FF, E9, 66, 02, 00, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 38, 57, 47, 00, 33, C5...
Entropy:
6.6554

Code size:
372 KB (380,928 bytes)

The file expressview_8.exe has been discovered within the following program.

ExpressView 8  by Cadsoft Corporation
www.cadsoft.com
About 5% of users remove it
 
Powered by Should I Remove It?