» family_tree_builder_7138.exe
Overview
Analysis
File Details
Programs (1)
Downloads (5)

family_tree_builder_7138.exe

MyHeritage Ltd.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is installed with MyHeritage Family Tree Builder. The file has been seen being downloaded from www.myheritage.com and multiple other hosts.

File name:

Publisher:

MyHeritage Ltd. (signed and verified)

MD5:

6ecf2174ac366d7e84d04dc3ffac8633

SHA-1:

74245c94089642d65b2fde09fd7188430df68b81

SHA-256:

df1620148efbd3cb4cc1a3a63e4970ba74e503a48c1eeb557c1cdeacabb94a8d

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 8:56:01 PM UTC (today)

File size:

35.3 MB (36,986,424 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\family_tree_builder_7138.exe

Digital Signature

Signed by:

MyHeritage Ltd.

Authority:

Thawte, Inc.

Valid from:

3/6/2014 1:00:00 AM

Valid to:

3/25/2016 12:59:59 AM

Subject:

CN=MyHeritage Ltd., OU=GENEALOGY RESEARCH, O=MyHeritage Ltd., L=Bnei Atarot, S=Bnei Atarot, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

2CA2575E84E5A634941B4CDE69E36EA5

File PE Metadata

Compilation timestamp:

12/5/2009 11:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

786432:uFbVc7/tRBFTw9gjt5gGG7rqNni7dHk/19b12kYXMY/LDkDvI3i:uFZc7/LLTt5HAyOq/19rMl/3kLu

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file family_tree_builder_7138.exe has been discovered within the following program.

MyHeritage Family Tree Builder by MyHeritage.com

Family Tree Builder (FTB) is genealogy software to create family trees. The free download version is distributed as freeware, with no restrictions, although registration is required to run the software.

www.myheritage.com/family-tree-builder

About 2% of users remove it

The file family_tree_builder_7138.exe has been seen being distributed by the following 5 URLs.

http://www.myheritage.com/FP/.../family_tree_builder_7138.exe

http://software-files-a.cnet.com/s/software/13/80/00/.../family_tree_builder_7138.exe

https://web.archive.org/web/20140815055910/http://a.netdna.mhcache.com/FP/.../family_tree_builder_7138.exe

https://web.archive.org/web/20140815051900/http://a.netdna.mhcache.com/FP/.../family_tree_builder_7138.exe

http://a.netdna.mhcache.com/FP/.../family_tree_builder_7138.exe

Scan family_tree_builder_7138.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.