» eScriptionDownloader.exe
Overview
Analysis
File Details
Downloads (3)

eScriptionDownloader.exe

eScriptionDownloader

Axiom Technologies

The executable eScriptionDownloader.exe has been detected as malware by 1 anti-virus scanner. The file has been seen being downloaded from univutah.escriptionasp.com and multiple other hosts.

File name:

Publisher:

Axiom Technologies

Product:

eScriptionDownloader

Version:

10.08

MD5:

f415cf9520d7671e7ca9c98900ba3008

SHA-1:

a450054384cc1f9c2a27fe3da5c6e90f12dfcf4a

SHA-256:

67818d45abc7db0921222b2b3acc43f847e738b70abe7907f094291ea24b69dd

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

7/17/2025 1:38:30 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Threat.Win.Reputation.IMP

16.1.30.7

File size:

276.1 KB (282,697 bytes)

Product version:

10.08

Original file name:

eScriptionDownloader.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\escription\editscriptv10\escriptiondownloader.exe

File PE Metadata

Compilation timestamp:

11/7/2012 12:31:48 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:4+3oVIE5u9iHzubHh6Z4AcgvlsBNv1w2NO3w08B91EcBsp1scViwzmjfum8aM3U6:t4AW1/aCh3

Entry address:

0x72DC

Entry point:

68, 8C, 96, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 60, F3, 9E, 0C, 6D, 85, 02, 4C, 8E, 59, BA, CA, 89, 0C, 0C, 09, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 41, 00, 86, 50, 82, 01, 45, 53, 44, 6F, 77, 6E, 6C, 6F, 61, 64, 65, 72, 56, 31, 30, 00, 00, 00, 00, 00, FF, CC, 31, 00, 0B, 51, 74, DF, D0, 2C, DA, 5A, 4F, B6, FF, 18, E2, AF, AE, B9, C3, AC, 15, 16, 43, 16, 27, 4B, 4F, 91, 04, BF, 93, EE, 9B, 28, 2D, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00... 
[+]

Entropy:

5.6006

Developed / compiled with:

Microsoft Visual Basic v5.0

Code size:

256 KB (262,144 bytes)

The file eScriptionDownloader.exe has been seen being distributed by the following 3 URLs.

https://univutah.escriptionasp.com/Downloads/.../downloader.exe

https://hcaatl.escriptionasp.com/Downloads/.../downloader.exe

https://sharp.escriptionasp.com/Downloads/.../downloader.exe

Remove eScriptionDownloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.