home

essetup.exe

ExpressScribe

NCH Software

This is a self-extracting archive and installer. This file is installed with multiple programs including Express Scribe Transcription Software and Express Scribe. The file has been seen being downloaded from cts.vresp.com and multiple other hosts.
Publisher:
NCH Software  (signed and verified)

Product:
ExpressScribe

Description:
Express Scribe

Version:
5.63+

MD5:
36a06cd570ac45715e3656c1893f4c4f

SHA-1:
d7d676e695de02bf614838c46957c77d636ca460

SHA-256:
7711b1abe1fb6cd5473f05845cbfbf0a4810aee51aeddd2a93d6a934b8644981

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/19/2024 8:55:12 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Bundled.Toolbar.Google (variant)
8.9498

File size:
1009.5 KB (1,033,768 bytes)

Copyright:
NCH Software

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\essetup.exe

Digital Signature
Signed by:
NCH Software

Authority:
Thawte, Inc.

Valid from:
5/20/2013 8:00:00 AM

Valid to:
8/8/2015 7:59:59 AM

Subject:
CN=NCH Software, O=NCH Software, L=Canberra, S=Australian Capital Territory, C=AU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6A560820FA3E9AD8E5411734B1D40AD5

File PE Metadata
Compilation timestamp:
12/10/2013 1:05:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:fAQMkQ5hw6oqV5UO5yCcxkCey5A/hKYC+/NHqokc1xl/CoGDxbjCzV:py7T7UsMey5A/hKYC+/ec7FbGNvCh

Entry address:
0x21D8

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, FC, 16, 00, 00, 53, 56, 57, E8, 03, FF, FF, FF, 33, DB, 3B, C3, 89, 44, 24, 14, 0F, 85, DF, 03, 00, 00, 6A, 06, 53, FF, 15, 88, 10, 40, 00, FF, 15, 4C, 10, 40, 00, 68, 6C, 14, 40, 00, 8B, F0, E8, CB, 03, 00, 00, 85, C0, 74, 10, 68, 7C, 14, 40, 00, 68, 80, 14, 40, 00, FF, 15, 00, 10, 40, 00, 68, 90, 14, 40, 00, 8B, C6, E8, AB, 03, 00, 00, 3B, C3, 74, 49, 83, C0, 0E, EB, 08, 66, 83, F9, 20, 75, 0A, 40, 40, 0F, B7, 08, 66, 3B, CB, 75, F0, 0F, B7, 08, 33, F6, 66, 3B, CB, 74, 20...
 
[+]

Entropy:
7.9963

Developed / compiled with:
Microsoft Visual C++

The file essetup.exe has been discovered within the following programs.

Express Scribe  by NCH Software
During installation the program will offer the user to install the NCH Toolbar, an ad-supported web browser toolbar.
www.nch.com.au/scribe/index.html
24% remove it
Express Scribe Transcription Software  by NCH Software
www.nch.com.au/scribe/support.html
About 2% of users remove it
 
Powered by Should I Remove It?

The file essetup.exe has been seen being distributed by the following 2 URLs.

http://cts.vresp.com/c/?NCHSoftware/cbd0b2ef20/0a4e75eaf3/.../ref=nls133WB

http://www.nch.com.au/.../essetup.exe

Scan essetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.