family_tree_builder_1198.exe

MyHeritage Ltd.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is installed with the program MyHeritage Family Tree Builder. The file has been seen being downloaded from a.cf.mhcache.com.
Publisher:
MyHeritage Ltd.  (signed and verified)

MD5:
b01be1f73b5ba7631f02e204744320dc

SHA-1:
f7a8bd9df0597d4f50e56e5d77b1edbeddb90cb0

SHA-256:
2b49ed196a68a2d73b9d3cf014d1f5ae6fb711c341aaf032faf94e8bde2fda6e

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
5/1/2024 12:24:34 AM UTC  (today)

Scan engine:
Vba32 AntiVirus

Detection:
BScope.Trojan.Diple

Engine version:
3.12.24.3

File size:
24.4 MB (25,584,760 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\family_tree_builder_1198.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
12/30/2009 10:00:00 PM

Valid to:
3/24/2012 8:59:59 PM

Subject:
CN=MyHeritage Ltd., OU=GENEALOGY RESEARCH, O=MyHeritage Ltd., L=Bnei Atarot, S=Bnei Atarot, C=IL

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
207972D020D72811F5DE51CCF58B7044

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:CFz+GC0FTw3FmtVewGbx9JVn1Hjpw1vvI3ik:CFSGv+mtswUx95HjpwJu3

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file family_tree_builder_1198.exe has been discovered within the following program.

MyHeritage Family Tree Builder  by MyHeritage.com
Family Tree Builder (FTB) is genealogy software to create family trees. The free download version is distributed as freeware, with no restrictions, although registration is required to run the software.
www.myheritage.com/family-tree-builder
About 2% of users remove it
 

The file family_tree_builder_1198.exe has been seen being distributed by the following URL.
