mfinstall.exe

The Generations Network Inc

This is a setup and installation application. The file has been observed being downloaded from imageservice.ancestry.com.

Publisher:
The Generations Network Inc  (signed and verified)

MD5:
a795df0a53dac1d418e96dcfcd410922

SHA-1:
03c1388206d95d6affdfd442ad2f3d07f354d976

SHA-256:
b1acf93cab8dec66f16681ee233bf9ec8d5115c92d3a0cf3e48903c1a239be16

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 7:06:39 PM UTC  (today)

File size:
53.8 KB (55,088 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mfinstall.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
5/1/2007 1:23:22 PM

Valid to:
4/30/2008 1:23:22 PM

Subject:
CN=The Generations Network Inc, OU=Web Ops, O=The Generations Network Inc, L=Provo, S=Utah, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
1D7C1B1F7E3416B7200D2BD2E4BD584E

File PE Metadata
Compilation timestamp:
5/10/2007 12:39:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:6PSu0DG4ChJt+5JUIN3F3N4j0lnownod+:GSuYJB5JflNHlndn4+

Entry address:
0x135E

Entry point:
33, C0, 50, 50, 50, 50, FF, 15, 38, 20, 40, 00, 50, E8, 90, FC, FF, FF, 50, FF, 15, 34, 20, 40, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 47, 33, C0, 8A, 44, 24, 08, 57, 8B, F9, 83, FA, 04, 72, 2D, F7, D9, 83, E1, 03, 74, 08, 2B, D1, 88, 07, 47, 49, 75, FA, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 06, 88, 07, 47, 4A, 75, FA, 8B, 44, 24, 08, 5F, C3, 8B, 44, 24, 04, C3, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.8526  (probably packed)

Code size:
1024 Bytes (1,024 bytes)

The file mfinstall.exe has been seen being distributed by the following URL.
