» phraseexpress.exe
Overview
Analysis
File Details
Behaviors (1)

phraseexpress.exe

PhraseExpress 4

Bartels Media

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘PhraseExpress’.

File name:

phraseexpress.exe

Publisher:

Bartels Media (signed and verified)

Product:

PhraseExpress 4

Version:

4.1.14.0

MD5:

4eadc8f6a2cca2bf82409260256b9b4c

SHA-1:

ceefdc3f53e0998dedade7544039c419f433113f

SHA-256:

8f2a002f9ad3c6e4904470384aae321144119a97711f9fd1d525bf2f2e829b37

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/24/2024 7:52:38 AM UTC (today)

File size:

2 MB (2,067,048 bytes)

Product version:

4.0.46.0

Original file name:

phraseexpress.exe

File type:

Executable application (Win32 EXE)

Language:

German (Germany)

Common path:

C:\Program Files\phraseexpress\phraseexpress.exe

Digital Signature

Signed by:

Bartels Media

Authority:

GlobalSign nv-sa

Valid from:

6/12/2007 4:00:26 PM

Valid to:

6/12/2009 4:00:26 PM

Subject:

E=bartels@bartelsmedia.com, CN=Bartels Media, O=Bartels Media, C=DE

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

010000000001131EF2A9EF

File PE Metadata

Compilation timestamp:

6/20/1992 6:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:kMGv/Adlnhl41XFAXFxsY/mX39nnnTQfjQj:k4t8n3j

Entry address:

0x15AC18

Entry point:

55, 8B, EC, B9, 08, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, 3C, 98, 55, 00, E8, 9B, CF, EA, FF, 33, C0, 55, 68, 4E, B0, 55, 00, 64, FF, 30, 64, 89, 20, 68, 60, B0, 55, 00, 6A, 00, 6A, 00, E8, 43, D2, EA, FF, 8B, D8, 85, DB, 74, 10, E8, 38, D3, EA, FF, 3D, B7, 00, 00, 00, 0F, 85, A8, 01, 00, 00, 6A, 00, 68, 70, B0, 55, 00, E8, D1, D9, EA, FF, 8B, F8, 85, FF, 0F, 84, 81, 01, 00, 00, B8, B8, D9, 56, 00, E8, 95, A8, EA, FF, E8, 84, 87, EA, FF, 8B, F0, 85, F6, 0F, 8E, 50, 01, 00, 00, BB, 01... 
[+]

Entropy:

6.6982

Developed / compiled with:

Microsoft Visual C++

Code size:

1.4 MB (1,417,728 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

PhraseExpress

Command:

C:\Program Files\phraseexpress\phraseexpress.exe

Scan phraseexpress.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.