ftm2014sfxpatch64.exe

Family Tree Maker 2014 Update (64-bit)

Ancestry.com Operations Inc

This is a setup program used to install the application. The file has been seen being downloaded from service.familytreemaker.com.

Publisher:
Ancestry.com  (signed by Ancestry.com Operations Inc)

Product:
Family Tree Maker 2014 Update (64-bit)

Description:
Family Tree Maker 2014 updater

Version:
22.0.0.1410

MD5:
c04d0128cdffd7689c8df5e8b5beb8fa

SHA-1:
2b2f5235d37132891276ecda22e4705022cbb417

SHA-256:
91821243453da288bf358ff5e107c357daaa8a37101d516143bfd5a436193399

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
12/27/2024 2:28:29 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/HiddenStart.A potentially unsafe application
7.0.302.0

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1077

File size:
13.4 MB (14,070,800 bytes)

Product version:
22.0.0.1410

Copyright:
Copyright Ancestry.com

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ftm2014sfxpatch64.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/7/2014 8:00:00 PM

Valid to:
7/7/2017 7:59:59 PM

Subject:
CN=Ancestry.com Operations Inc, OU=Development, O=Ancestry.com Operations Inc, L=Provo, S=Utah, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3D9F15ED5FAA65172DD9B94B94ECC96A

File PE Metadata
Compilation timestamp:
11/12/2015 11:48:25 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.50

CTPH (ssdeep):
196608:q1uGFLZq1O9On5n1rNb40pthcNPkBvr4l+/MUOi98zoPmUCxnMIStSBiXeDk:gF0QYN1Jb4iQNPkv8lk1HuPxMBtQisk

Entry address:
0xA510

Entry point:
55, 89, E5, 6A, FF, 68, 68, 1F, 41, 00, 68, 08, BB, 40, 00, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 83, EC, 08, 83, EC, 48, 53, 56, 57, 89, 65, E8, 68, 00, 00, 00, 02, E8, 1D, 2F, 00, 00, 59, A3, A4, 30, 41, 00, E8, 22, 19, 00, 00, 85, C0, 74, 2F, C7, 45, FC, 00, 00, 00, 00, E8, 42, 1B, 00, 00, E8, FD, 1B, 00, 00, E8, 48, 1C, 00, 00, E8, 43, 20, 00, 00, E8, DE, 20, 00, 00, BB, 40, 2F, 41, 00, 81, FB, 40, 2F, 41, 00, 73, 1C, EB, 0D, 6A, FE, E8, 88, 21, 00, 00, 59, E9, 91, 00, 00, 00, FF, 13...
 

Entropy:
7.9840  (probably packed)

Code size:
63.5 KB (65,024 bytes)

The file ftm2014sfxpatch64.exe has been seen being distributed by the following URL.

Scan ftm2014sfxpatch64.exe - Powered by Reason Core Security