home

family_tree_builder_5634.exe

MyHeritage Ltd.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is installed with MyHeritage Family Tree Builder. The file has been seen being downloaded from cdn.yjc.ir and multiple other hosts.
Publisher:
MyHeritage Ltd.  (signed and verified)

MD5:
d073703510760eb9ddd0f17296cdca6b

SHA-1:
a871955bd5730d51c1230dfe77d2b9eb84fa93b8

SHA-256:
1819f576a20dafd9deb27a9ebe8d8b6ad9c02d7880af5e3b5aa7109adb25b917

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/28/2024 2:21:07 AM UTC  (today)

File size:
27.7 MB (29,083,336 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\family_tree_builder_5634.exe

Digital Signature
Signed by:
MyHeritage Ltd.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
12/31/2009 1:00:00 AM

Valid to:
3/25/2012 12:59:59 AM

Subject:
CN=MyHeritage Ltd., OU=GENEALOGY RESEARCH, O=MyHeritage Ltd., L=Bnei Atarot, S=Bnei Atarot, C=IL

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
207972D020D72811F5DE51CCF58B7044

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:8POpmv5UFTwoF/taewGQrqNnn+0+dBF9720IZbyUipaiOvvI3i/:a6mUt/tzw3y+jdBF9vibJ5iUug

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file family_tree_builder_5634.exe has been discovered within the following program.

MyHeritage Family Tree Builder  by MyHeritage.com
Family Tree Builder (FTB) is genealogy software to create family trees. The free download version is distributed as freeware, with no restrictions, although registration is required to run the software.
www.myheritage.com/family-tree-builder
About 2% of users remove it
 
Powered by Should I Remove It?

The file family_tree_builder_5634.exe has been seen being distributed by the following 3 URLs.

http://cdn.yjc.ir/files/fa/news/1392/7/.../1637947_463.exe

http://software-files-a.cnet.com/s/software/12/32/09/.../family_tree_builder_5634.exe

http://a.netdna.mhcache.com/FP/.../family_tree_builder_5634.exe

Scan family_tree_builder_5634.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.