» mlsetup.exe
Overview
Analysis
File Details
Programs (1)
Downloads (4)

mlsetup.exe

MoneyLine

NCH Software

This is a setup and installation application. This is installed with MoneyLine. The file has been seen being downloaded from www.downloadcollection.com and multiple other hosts.

File name:

mlsetup.exe

Publisher:

NCH Software (signed and verified)

Product:

MoneyLine

Version:

2.04+

MD5:

eb49f5a5836d6273b402f07b1dd5d866

SHA-1:

aefe8cc9eb30d85fc05111519a78097fbb47f290

SHA-256:

c8776f8ffedb5138bc2f7d04f19784d6488366e5fc75e411863524fa6c4a5085

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/30/2024 8:01:35 AM UTC (today)

File size:

522.8 KB (535,320 bytes)

Product version:

2.04+

NCH Software

Original file name:

MoneyLine.exe

File type:

Executable application (Win32 EXE)

Language:

English (Australia)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\mlsetup.exe

Digital Signature

Signed by:

NCH Software

Authority:

Thawte, Inc.

Valid from:

7/6/2015 7:00:00 AM

Valid to:

8/7/2017 6:59:59 AM

Subject:

CN=NCH Software, O=NCH Software, L=Canberra, S=Australian Capital Territory, C=AU

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

58D9B9D38780932DD1CBC58A2AD28B1C

File PE Metadata

Compilation timestamp:

1/25/2016 6:09:42 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:Jd4hptNRoHIOB9qEceIYn38fWizDJ3mLmQ151H5LhzlhNpm81wy:shpXGHRg3YgH3MmQBZdTm8ay

Entry address:

0x11D4

Entry point:

55, 8B, EC, 83, E4, F8, 81, EC, FC, 16, 00, 00, 53, 56, 57, E8, 03, FF, FF, FF, 33, DB, 3B, C3, 89, 44, 24, 14, 0F, 85, DF, 03, 00, 00, 6A, 06, 53, FF, 15, 8C, 20, 40, 00, FF, 15, 48, 20, 40, 00, 68, 6C, 24, 40, 00, 8B, F0, E8, CB, 03, 00, 00, 85, C0, 74, 10, 68, 7C, 24, 40, 00, 68, 80, 24, 40, 00, FF, 15, 50, 20, 40, 00, 68, 90, 24, 40, 00, 8B, C6, E8, AB, 03, 00, 00, 3B, C3, 74, 49, 83, C0, 0E, EB, 08, 66, 83, F9, 20, 75, 0A, 40, 40, 0F, B7, 08, 66, 3B, CB, 75, F0, 0F, B7, 08, 33, F6, 66, 3B, CB, 74, 20... 
[+]

Entropy:

7.9834

Developed / compiled with:

Microsoft Visual C++

Code size:

2 KB (2,048 bytes)

The file mlsetup.exe has been discovered within the following program.

MoneyLine by NCH Software

From the EULA: " During installation of this download you will be given the option to install closely related programs from the NCH Software suite. These are optional and you can select what you want depending on your requirements."

www.nchsoftware.com/personalfinance/support.html

22% remove it

The file mlsetup.exe has been seen being distributed by the following 4 URLs.

http://www.downloadcollection.com/downloadredirect.php?idx=894541

http://www.brothersoft.com/d.php?soft_id=512627&url=http://www.nch.com.au/.../mlsetup.exe&name=MoneyLine Personal Finance Software

http://download.freedownloadmanager.org/Windows-PC/.../FREE-1.30.html?ac2e212

http://www.nchsoftware.com/.../mlsetup.exe

Scan mlsetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.