» myheritage_version_7_0_0_7121_size_36936376.exe
Overview
Analysis
File Details
Programs (1)
Downloads (2)

myheritage_version_7_0_0_7121_size_36936376.exe

MyHeritage Ltd.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is installed with the program MyHeritage Family Tree Builder. The file has been seen being downloaded from software-files-a.cnet.com and multiple other hosts.

File name:

Publisher:

MyHeritage Ltd. (signed and verified)

MD5:

683145ef6d91852af0b61093e2c944e4

SHA-1:

67f8ed333b74d334ff7c657d182067a7378ce672

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/26/2024 11:12:23 AM UTC (today)

Scan engine

Detection

Engine version

F-Prot

W32/Undefined.Threat

v6.4.7.1.166

File size:

35.2 MB (36,936,376 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\Documents and Settings\{user}\Myheritage_version_7_0_0_7121_size_36936376.exe

Digital Signature

Signed by:

MyHeritage Ltd.

Authority:

Thawte, Inc.

Valid from:

4/23/2012 9:00:00 PM

Valid to:

3/25/2014 8:59:59 PM

Subject:

CN=MyHeritage Ltd., OU=GENEALOGY RESEARCH, O=MyHeritage Ltd., L=Bnei Atarot, S=Bnei Atarot, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

06EC6BC2F2460615FF9E384A419CF9B5

File PE Metadata

Compilation timestamp:

12/5/2009 8:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

786432:n+wVc7/tIFTw9gjt5gGGurqNnPEGx3rBs93I2kYX3Z5f0f2+9xVOT+vI3i:nBc7/cTt5H9yhq93cM3Zt+9xVFu

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file myheritage_version_7_0_0_7121_size_36936376.exe has been discovered within the following program.

MyHeritage Family Tree Builder by MyHeritage.com

Family Tree Builder (FTB) is genealogy software to create family trees. The free download version is distributed as freeware, with no restrictions, although registration is required to run the software.

www.myheritage.com/family-tree-builder

About 2% of users remove it

The file myheritage_version_7_0_0_7121_size_36936376.exe has been seen being distributed by the following 2 URLs.

http://software-files-a.cnet.com/s/software/13/31/90/.../family_tree_builder_7121.exe

http://a.netdna.mhcache.com/FP/.../family_tree_builder_7121.exe

Scan myheritage_version_7_0_0_7121_size_36936376.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.