home

essetup.exe

NCH Software

This is a setup program which is used to install the application. This is installed with Express Scribe. The file has been seen being downloaded from doc-00-ac-docs.googleusercontent.com.
Publisher:
NCH Software  (signed and verified)

Description:
Express Scribe

Version:
5.13

MD5:
95ce2725ae87a3aec65c333b70c68fc9

SHA-1:
ab8f934350fc3ef40e914c52c0cf37cd7bb26253

SHA-256:
eb28c96bcca8bf13873b0fa3a3de8d170a30640404005cd9be39cdcc003dd1ea

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/26/2024 2:33:34 PM UTC  (today)

File size:
847.1 KB (867,400 bytes)

Copyright:
NCH Software

File type:
Executable application (Win32 EXE)

Language:
English (Australia)

Common path:
C:\users\{user}\downloads\essetup.exe

Digital Signature
Signed by:
NCH Software

Authority:
Thawte, Inc.

Valid from:
7/24/2010 7:00:00 PM

Valid to:
8/3/2011 6:59:59 PM

Subject:
CN=NCH Software, O=NCH Software, L=Canberra, S=Australian Capital Territory, C=AU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
68C35978C8EC7147CF6D69A1E5F11396

File PE Metadata
Compilation timestamp:
11/11/2010 8:30:20 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:Wk/bgwEVWe4mvYIED05yaari1HR52KS9Y8FiNbtzQ:nEJG0gX2cAzQ

Entry address:
0x2025

Entry point:
55, 8D, 6C, 24, 88, 81, EC, C8, 0C, 00, 00, 53, 56, 68, 98, 10, 40, 00, FF, 15, 0C, 10, 40, 00, 8B, F0, 68, A8, 10, 40, 00, 56, FF, 15, 28, 10, 40, 00, 33, DB, 85, C0, 75, 3A, 6A, 24, 68, BC, 10, 40, 00, 68, E8, 10, 40, 00, 53, FF, 15, 70, 10, 40, 00, 83, F8, 06, 75, 11, 6A, 01, 53, 53, 68, 20, 12, 40, 00, 53, 53, FF, 15, 64, 10, 40, 00, 56, FF, 15, 50, 10, 40, 00, 33, C0, 5E, 40, 5B, 83, C5, 78, C9, C3, 6A, 06, 53, FF, 15, 80, 10, 40, 00, FF, 15, 00, 10, 40, 00, 8B, C8, E8, CA, 02, 00, 00, 85, C0, 74, 10...
 
[+]

Entropy:
7.9951  (probably packed)

The file essetup.exe has been discovered within the following program.

Express Scribe  by NCH Software
During installation the program will offer the user to install the NCH Toolbar, an ad-supported web browser toolbar.
www.nch.com.au/scribe/index.html
24% remove it
 
Powered by Should I Remove It?

The file essetup.exe has been seen being distributed by the following URL.

https://doc-00-ac-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/ghvr06g03d889buttqgm4c4sf1at9gu6/1444946400000/01475090449557218532/.../0B4TzBXMOilHBTmZQSVVWX0dEbHc?e=download

Scan essetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.