mendeley-desktop-1.15.2-win32.exe

Mendeley Ltd.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.ranchsendgift.com and multiple other hosts.
Publisher:
Mendeley Ltd.  (signed and verified)

MD5:
5b28a733e4960b6abe1137e35af0cbc6

SHA-1:
5d268449872de2eb8aab24631389a65822c739f8

SHA-256:
5cd47cf77616d75937083d8df8107a07203cc89083dc21c6be09aa168e1f2306

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 1:41:41 PM UTC  (today)

File size:
20.7 MB (21,737,872 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/5/2013 5:30:00 AM

Valid to:
6/5/2016 5:29:59 AM

Subject:
CN=Mendeley Ltd., O=Mendeley Ltd., STREET="Ground Floor, 144a Clerkenwell Road", STREET=White Bear Yard, L=London, S=London, PostalCode=EC1R 5DF, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
50846274C5F9F5A334D13174DE52CD11

File PE Metadata
Compilation timestamp:
12/6/2009 4:20:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:gljc9KAW9eAMgZ48B/Lw9SlYM/uEXJxYAlDzTFTULA/yB/su5A/4v8Lec:R98MqtfYLEXHYAJxILA/255E08

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9999

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file mendeley-desktop-1.15.2-win32.exe has been seen being distributed by the following 8 URLs.

http://www.ranchsendgift.com/QkOor84bVj98ye jPMaYYYlHnoU7v_Ed1vTzT243R7MgNyHrhLJNYdzjnd3RZKqrPjCveoJG9yR2hEuST8WXxbxI5WirZinBJxd3DXlXaNLZTfdf8BFXvnBEL8UnBnf5w7 2Wks3WPAkpyLxls3Fa2P3tpzoD6SCJJTj1tffB6TSkOZOhca6QymTUGyUaFRhw6rn5yXDEwUrEbClz3rdiY9AOjekdQ==-G04AAETnFtPPgBEa1RIf3NSqOsYJDYiPy00D2uAhK ljFA3XmDENw3A_Gbb0y4nARtGa6_Ri4M6TQT0B

temp:Mendeley-Desktop-1.15.2-win32.exe

http://www.ranchsendgift.com/6sXOP4lVbpdZoYABWxg3bLAtLkS68MDeUNEjyW4CtCQxIfG2RZQZb_tFIdmO6PqRPlhggvPlz1TM1t79pMLRWfnWHNhsMdioox68bgUqaWr0bzHoTGhAXI8VA6QdU0nAmJf_Hv_gaMvxzUASFg_ZkN0g3HDwTiqjFT1u5_iRcDBmibVujY AtBwId9hdfaZGCimMkJJ C07mgP6 iRENTaqrDXql8g==-G04AAETnFtPPgBEa1RIf3NSqOsYJDYiPy00D2uAhK ljFA3XmDENw3A_Gbb0y4nARtGa6_Ri4M6TQT0B

http://www.ranchsendgift.com/9hRnZtTEBV1eDzVbJriai0MBc8uHZYEG0DXc9kdQ8hv2guIdhmpwFymyss_d2x32N5axOz7FnzszKhyFe2M9 swodOABy8ZMdPckhyPklnWdhE_P7AszsejkcaC3sKnsNT 5dlpBbNXR93lLTUgjSMmDXCawkGur6VbbJPkpnpOQgA2LvlAI8L8KeWpB 4Ccop7KmclyPPstmeOgNSMYndAx1sukag==-G04AAETnFtPPgBEa1RIf3NSqOsYJDYiPy00D2uAhK ljFA3XmDENw3A_Gbb0y4nARtGa6_Ri4M6TQT0B

http://www.ranchsendgift.com/t9YmUCOocGfvFbFkzn2og3nz2MuueoEXm4HOlPETuKt27fOpghcQ rBx9nFipNL0SIf26yaqApRFboK1jWunQhOm_GUPtsRaCR3nrzpBb85zMm 72dbIgXjAV6nX6twPVt94p7jgkXPbhRADRpBuJX_eZ8loSqunFYw5S5VClZ1vdMge0JwWeSUf5uPCufKMSFbEJFomAVf7klYgEDpe2h6HDP_Smw==-G04AAETnFtPPgBEa1RIf3NSqOsYJDYiPy00D2uAhK ljFA3XmDENw3A_Gbb0y4nARtGa6_Ri4M6TQT0B

Scan mendeley-desktop-1.15.2-win32.exe - Powered by Reason Core Security