home

downloader.exe

eScriptionDownloader

Axiom Technologies

Publisher:
Axiom Technologies

Product:
eScriptionDownloader

Version:
9.60

MD5:
5a94cad6dd6cf04d420265f39fed032a

SHA-1:
9948b9769b180d623d8411c0246249f8810621e2

SHA-256:
bd708dbc86f2a5793278549247d40abe4f7e07dd5c86d45c578447bf2888b73e

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
7/16/2025 6:44:43 PM UTC  (today)

Scan engine
Detection
Engine version

F-Prot
W32/VB-Dialog-Spyer-based!Maxim
4.6.5.141

VIPRE Antivirus
Threat.319461
46592

File size:
260.1 KB (266,313 bytes)

Product version:
9.60

Original file name:
eScriptionDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\downloader.exe

File PE Metadata
Compilation timestamp:
6/29/2012 11:31:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:MgwuNt/WH+WLjtMdbHh6VKAcgll2P8+Bw0U3srL8B/XcB8p1sVViwjmAfglZLM9u:CuNcBicdnu8YFWE5K

Entry address:
0x72DC

Entry point:
68, 1C, 7A, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, A6, 82, 14, 30, F4, 00, 4B, 46, 91, 8D, 71, 6C, EB, 8A, 5F, 0A, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 04, 00, 00, 00, 65, 53, 63, 72, 69, 70, 74, 69, 6F, 6E, 44, 6F, 77, 6E, 6C, 6F, 61, 64, 65, 72, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 0B, C9, 4B, 9B, C1, 37, 26, 0A, 41, B8, D4, 77, 40, 02, 0F, C5, 93, 64, 9A, 30, 99, 94, E7, 04, 4E, 8B, 5B, 0A, 07, 48, 86, 5E, 82, 3A, 4F, AD...
 
[+]

Entropy:
5.5929

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
248 KB (253,952 bytes)

The file downloader.exe has been seen being distributed by the following URL.

https://sutterhealth.escriptionasp.com/Downloads/.../downloader.exe

Scan downloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.