home

Escndv.exe

EPSON Scan

SEIKO EPSON CORP.

This is installed with EPSON Scan. The file has been seen being downloaded from mail.google.com and multiple other hosts.
Publisher:
SEIKO EPSON CORP.

Product:
EPSON Scan

Version:
3.7.8.0

MD5:
e61dce4b8fcbdfd26d6570b3b062d16b

SHA-1:
adac6ced0a9f1c052fabb6b009ef400d3afd8e7f

SHA-256:
c289a261684bf8135b9a76ae54b3d2d34a49fccc05e3ef15c7b80e6d6aea5a77

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 3:01:09 AM UTC  (today)

File size:
144 KB (147,456 bytes)

Product version:
3.7.8.0

Copyright:
Copyright (C) SEIKO EPSON CORP. 2002

Original file name:
Escndv.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\epson\escndv\escndv.exe

File PE Metadata
Compilation timestamp:
8/30/2010 3:02:04 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:nsA0e28NW2zDKRXgyjAnUP8MsZ7ELscppjJyCFbgjZKIYkSAo+Mg+JHlU/Vfunrb:nsAlNW2zDKRXgKAnUP8MsZ7ELscpV9Pz

Entry address:
0xE70C

Entry point:
55, 8B, EC, 6A, FF, 68, 08, 96, 41, 00, 68, 7C, 35, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 14, 91, 41, 00, 33, D2, 8A, D4, 89, 15, 60, C7, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 5C, C7, 41, 00, C1, E1, 08, 03, CA, 89, 0D, 58, C7, 41, 00, C1, E8, 10, A3, 54, C7, 41, 00, 33, F6, 56, E8, 46, 26, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 49, 4C, 00, 00, FF, 15, 10, 91, 41, 00, A3, 94, DD, 41, 00, E8...
 
[+]

Entropy:
5.8740

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
96 KB (98,304 bytes)

The file Escndv.exe has been discovered within the following program.

EPSON Scan  by SEIKO EPSON Corporation
Epson Scan comes with Epson scanners and has simple manual adjustments, but requires vigilance to control the default settings that are not optimal for archival scanning and can reappear unexpectedly.
www.epson.com
1% remove it
 
Powered by Should I Remove It?

The file Escndv.exe has been seen being distributed by the following 11 URLs.

https://mail.google.com/mail/u/.../?ui=2&ik=82625e93f8&view=att&th=144fc9181b9cd820&attid=0.1&disp=safe&realattid=f_ht83bssj1&zw

http://maildown.nate.com/app/msg/.../?mboxid=30&msgid=1434&fi=1

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_1_18331998_AGZ2w0MAABL5VinVKwyK8I 7M5o&fid=Inbox&pid=6&clean=0&appid=YahooMailNeo&ymreqid=6f4959ec-9dd1-a312-016a-390053010000

https://messageriepro.orange.fr/nc/G05R00C26/OFX/fr-FR/.../download.html?CHECK_ATTACHEMENT=TRUE&PJRANG=2&csid=1455802643211&cbe=MET&token=o56c5c82515de02.49803606

https://bf1-attach.ymail.com/au.f1415.mail.yahoo.com/.../securedownload?mid=2_0_0_3_49833_ALjmjkQAABIAU3MzmAAAAI0CJ5A&fid=Draft&pid=2&clean=0&appid=YahooMailNeo&cred=AaYSXHGGhBJV2Su930c0ChZfa4hgukfjWUFa_VlWospEnA--&ts=1400058800&partner=ymail&sig=aIY.VbWaG4d59vxJJQ2EzQ--

https://mg.mail.yahoo.com/.../download?mid=2_0_0_3_49833_ALjmjkQAABIAU3MzmAAAAI0CJ5A&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

http://bf1-attach.ymail.com/us.f1416.mail.yahoo.com/.../securedownload?mid=2_0_0_1_46429_AFXrHkgAAAqOUfbH0AAAAPsMHQI&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&cred=KsfiiQjhf5d_x4tilGY13vUZOcBPO2isL.xtQy7bIxb9ot3dOkD3OlM.&ts=1375127767&partner=ymail&sig=kpErvHDiNYuOQBKVnBg58A--

http://bf1-attach.ymail.com/us.f1416.mail.yahoo.com/.../securedownload?mid=2_0_0_1_46429_AFXrHkgAAAqOUfbH0AAAAPsMHQI&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&cred=QAWmhCv8f5cq.lGihchpPL3OB52hFfhHCSM1D_Wddnhm9rgvKC3hjOb5&ts=1375127754&partner=ymail&sig=T5l9hktwRDXGaK_gSl1fTw--

http://us-mg6.mail.yahoo.com/.../download?mid=2_0_0_1_46429_AFXrHkgAAAqOUfbH0AAAAPsMHQI&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo

http://bf1-attach.ymail.com/us.f1416.mail.yahoo.com/.../securedownload?mid=2_0_0_3_142_AFXrHkgAAAqxUfbIfvC9wGW5Ry4&fid=Draft&pid=2&clean=0&appid=YahooMailNeo&cred=SaK4kd1Jf5cLbBIFeeg0JNkx_.yY7THpWxt6w8.jK0M5ckevtP7xXsWV&ts=1375127679&partner=ymail&sig=RCgjCnNgwX02kUlK8aGOdg--

http://us-mg6.mail.yahoo.com/.../download?mid=2_0_0_3_142_AFXrHkgAAAqxUfbIfvC9wGW5Ry4&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

Scan Escndv.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.