SHA256: 3795de2faf73bc9243c501aab988a250b5eae112fc6e774a8b6624bee0599360
File name: .
Detection ratio: 23 / 71
Analysis date: 2019-03-11 18:10:19 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190222
Avast Win32:BankerX-gen [Trj] 20190311
AVG Win32:BankerX-gen [Trj] 20190311
CMC Trojan.Win32.Swizzor.1!O 20190311
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cylance Unsafe 20190311
DrWeb Trojan.Siggen8.14829 20190311
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.CPES 20190311
Fortinet W32/Kryptik.CPES!tr 20190311
Ikarus Trojan-Banker.Emotet 20190311
Sophos ML heuristic 20181128
K7GW Trojan ( 004bd3231 ) 20190311
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.gen 20190311
McAfee Emotet-FMI!3813412F367C 20190311
Qihoo-360 HEUR/QVM20.1.C6D5.Malware.Gen 20190311
Rising Trojan.Azden!8.F0E3 (TFE:dGZlOgILWWOoyvTzUw) 20190311
SentinelOne (Static ML) DFI - Malicious PE 20190311
Symantec ML.Attribute.HighConfidence 20190311
Trapmine malicious.moderate.ml.score 20190301
VBA32 BScope.TrojanBanker.Chthonic 20190311
Webroot W32.Trojan.Emotet 20190311
ZoneAlarm by Check Point HEUR:Trojan-Banker.Win32.Emotet.gen 20190311
Engines with no detection (engine, signature update date):
Ad-Aware 20190311
AegisLab 20190311
AhnLab-V3 20190311
Alibaba 20190306
ALYac 20190311
Antiy-AVL 20190311
Arcabit 20190311
Avast-Mobile 20190311
Avira (no cloud) 20190311
Babable 20180918
Baidu 20190306
BitDefender 20190311
Bkav 20190311
CAT-QuickHeal 20190311
ClamAV 20190311
Comodo 20190311
Cybereason 20190109
Cyren 20190311
eGambit 20190311
Emsisoft 20190311
F-Prot 20190311
F-Secure 20190311
GData 20190311
Jiangmin 20190311
K7AntiVirus 20190311
Kingsoft 20190311
Malwarebytes 20190311
MAX 20190311
McAfee-GW-Edition 20190311
Microsoft 20190307
eScan 20190311
NANO-Antivirus 20190311
Palo Alto Networks (Known Signatures) 20190311
Panda 20190311
Sophos AV 20190311
SUPERAntiSpyware 20190307
Symantec Mobile Insight 20190220
TACHYON 20190311
Tencent 20190311
TheHacker 20190308
TotalDefense 20190311
TrendMicro 20190311
TrendMicro-HouseCall 20190311
Trustlook 20190311
VIPRE 20190311
ViRobot 20190311
Yandex 20190310
Zillya 20190311
Zoner 20190311
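The 23 positive rows above mix named-family verdicts (Emotet, Kryptik, BankerX, Chthonic) with generic and machine-learning verdicts that carry no family at all. The following is an added example, not part of the VirusTotal page: it derives a family consensus by tokenising each label, dropping taxonomy and confidence words, and giving each engine one vote per surviving token, in the spirit of AVClass-style label normalisation. The detection list is copied from the table above; the stopword list and the minimum-vote threshold are our own choices.

```python
import re
from collections import Counter

# Constructed from the detection rows above: (engine, label).
DETECTIONS = [
    ("Acronis", "suspicious"),
    ("Avast", "Win32:BankerX-gen [Trj]"),
    ("AVG", "Win32:BankerX-gen [Trj]"),
    ("CMC", "Trojan.Win32.Swizzor.1!O"),
    ("CrowdStrike Falcon (ML)", "win/malicious_confidence_100% (D)"),
    ("Cylance", "Unsafe"),
    ("DrWeb", "Trojan.Siggen8.14829"),
    ("Endgame", "malicious (high confidence)"),
    ("ESET-NOD32", "a variant of Win32/Kryptik.CPES"),
    ("Fortinet", "W32/Kryptik.CPES!tr"),
    ("Ikarus", "Trojan-Banker.Emotet"),
    ("Sophos ML", "heuristic"),
    ("K7GW", "Trojan ( 004bd3231 )"),
    ("Kaspersky", "HEUR:Trojan-Banker.Win32.Emotet.gen"),
    ("McAfee", "Emotet-FMI!3813412F367C"),
    ("Qihoo-360", "HEUR/QVM20.1.C6D5.Malware.Gen"),
    ("Rising", "Trojan.Azden!8.F0E3 (TFE:dGZlOgILWWOoyvTzUw)"),
    ("SentinelOne (Static ML)", "DFI - Malicious PE"),
    ("Symantec", "ML.Attribute.HighConfidence"),
    ("Trapmine", "malicious.moderate.ml.score"),
    ("VBA32", "BScope.TrojanBanker.Chthonic"),
    ("Webroot", "W32.Trojan.Emotet"),
    ("ZoneAlarm by Check Point", "HEUR:Trojan-Banker.Win32.Emotet.gen"),
]

# Taxonomy / platform / confidence words that carry no family information.
# This list is our own; a production tool keeps a much larger one.
STOPWORDS = {
    "trojan", "trojanbanker", "banker", "win32", "win64", "w32", "win", "gen",
    "generic", "heur", "variant", "malicious", "malware", "suspicious", "unsafe",
    "heuristic", "confidence", "highconfidence", "high", "attribute", "moderate",
    "score", "static", "bscope", "agent", "downloader", "dropper", "injector",
}


def family_tokens(label):
    """Candidate family names in one label: alphabetic tokens of 4+ chars
    that are not taxonomy words. Tokens with digits (hashes, variant ids,
    'Siggen8', 'QVM20') are discarded because they never name a family."""
    toks = re.split(r"[^A-Za-z0-9]+", label)
    return {t.lower() for t in toks
            if len(t) >= 4 and t.isalpha() and t.lower() not in STOPWORDS}


def family_votes(detections):
    """One vote per engine per candidate token (a set, so an engine that
    repeats a word does not get extra weight)."""
    votes = Counter()
    for _engine, label in detections:
        votes.update(family_tokens(label))
    return votes


def consensus_family(detections, min_votes=2):
    """(family, votes) for the plurality token, or None if no token reaches
    min_votes, so a page full of generic/ML verdicts yields no family."""
    votes = family_votes(detections)
    if not votes:
        return None
    name, n = votes.most_common(1)[0]
    return (name, n) if n >= min_votes else None


if __name__ == "__main__":
    print(family_votes(DETECTIONS).most_common(5))
    print(consensus_family(DETECTIONS))
```

On this table the plurality is Emotet with five engines (Ikarus, Kaspersky, McAfee, Webroot, ZoneAlarm); Kryptik and BankerX get two each and the remaining engines contribute nothing but a generic verdict. Five named votes out of 23 positives is a plurality, not a majority, which is why the vote count is returned alongside the name rather than collapsed into a bare label.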
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright 2016 Evernote Corporation. All rights reserved.
Product: Evernote®
Original name: EvernotePlayer.exe
Internal name: EvernotePlayer
File version: 6,4,2,3788
Description: Evernote Player Application
Signature verification: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date: 11:24 AM 4/6/2019
The verification result is the Windows trust-provider error CERT_E_UNTRUSTEDROOT (0x800B0109): the file carries an Authenticode signature, but the chain ends in a root the verifier does not trust, so the signer identity, the signing date and the Evernote publisher strings above are unverified claims, not evidence of origin. The version resource is also dated 2016 while the image was linked in 2019 (see the compilation timestamp below).
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2019-03-11 10:13:49 (the same day as the first submission to VirusTotal; this field is written by whoever links the binary and can be set to any value)
Entry Point: 0x00001950
Number of sections: 4
PE sections
Overlays
MD5: 6386dd578c72c58c60c6d78d95239924
File type: data
Offset: 332288
Size: 3336
Entropy: 7.33
The overlay (bytes appended after the last section's raw data) starts at offset 332288 and runs for 3336 bytes, which reaches exactly the end of the 335624-byte file. An entropy of 7.33 bits per byte (the maximum is 8) is characteristic of compressed or encrypted data rather than code, text or resources, and an appended high-entropy blob on a binary whose version resource names a well-known product is a common layout for a packed loader carrying its payload outside the section table.
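The overlay numbers above are the kind of thing worth recomputing rather than trusting from a report, since offset + size == file size (332288 + 3336 == 335624) is exactly what distinguishes an appended payload from a truncated file. The following is an added example, not code from the VirusTotal page: a minimal PE header walk that locates the overlay from the section table and scores its entropy, plus a constructed PE32 fixture so the script runs offline. The 7.0-bit threshold and the fixture's section names are our own choices.

```python
import math
import struct


def parse_section_table(data):
    """Return [(name, raw_offset, raw_size)] by walking the PE headers:
    e_lfanew (offset 0x3C) -> 'PE\\0\\0' -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        hdr = table + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_off = struct.unpack_from("<II", data, hdr + 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, raw_off, raw_size))
    return sections


def overlay_bounds(data):
    """Overlay = everything after the highest PointerToRawData + SizeOfRawData."""
    end = max((off + size for _, off, size in parse_section_table(data)), default=0)
    return end, max(len(data) - end, 0)


def shannon_entropy(buf):
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def overlay_report(data, high_entropy=7.0):
    """reaches_eof is False only when the section table claims data past
    the end of the file (a truncated sample), which also zeroes the overlay."""
    off, size = overlay_bounds(data)
    ent = shannon_entropy(data[off:off + size])
    return {
        "offset": off,
        "size": size,
        "entropy": round(ent, 2),
        "reaches_eof": off + size == len(data),
        "suspicious": size > 0 and ent >= high_entropy,
    }


def build_test_pe(sections, overlay):
    """Constructed PE32 fixture (headers + 512-byte-aligned sections + overlay).
    It is not loadable; it only has to satisfy the header walk above."""
    pe_off, opt_size, align = 0x80, 224, 0x200
    table = pe_off + 24 + opt_size
    raw_start = (table + 40 * len(sections) + align - 1) & ~(align - 1)
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)).ljust(pe_off, b"\0")
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")  # PE32 magic, rest zeroed
    hdrs, body, off = b"", b"", raw_start
    for i, (name, payload) in enumerate(sections):
        raw_size = (len(payload) + align - 1) & ~(align - 1)
        hdrs += name.ljust(8, b"\0")[:8] + struct.pack(
            "<IIIIIIHHI", len(payload), 0x1000 * (i + 1), raw_size, off, 0, 0, 0, 0, 0x60000020)
        body += payload.ljust(raw_size, b"\0")
        off += raw_size
    return (dos + coff + opt + hdrs).ljust(raw_start, b"\0") + body + overlay


if __name__ == "__main__":
    img = build_test_pe([(b".text", b"\xcc" * 100), (b".data", b"\0" * 10)], bytes(range(256)) * 4)
    print(overlay_report(img))
```

Run against a real sample with `overlay_report(open(path, "rb").read())`; the entropy is computed over the overlay only, so a mostly-zero binary with a small encrypted tail still scores high where a whole-file entropy would not.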
PE imports
The list below gives function names only. Most of it is what any Win32 GUI application imports (GDI drawing, USER32 dialog and menu calls, C-runtime locale and console support). The entries a triager should weigh are the registry write and delete calls (RegCreateKeyExW, RegSetValueExW, RegDeleteKeyW, RegDeleteValueW), the token and SID calls used for privilege checks (OpenProcessToken, GetTokenInformation, CheckTokenMembership, AllocateAndInitializeSid), CryptAcquireContextW and CryptGenRandom, VirtualAlloc and VirtualProtect, CreateProcessW and ShellExecuteExW, IsDebuggerPresent, CreateMutexW and DeviceIoControl. None of these proves anything on its own, and for a packed loader the payload-stage APIs are typically resolved at run time and never appear in this table at all.
RegCreateKeyExW
RegCloseKey
RegCreateKeyExA
CopySid
RegQueryValueExA
RegDeleteKeyW
RegQueryValueExW
GetSidSubAuthorityCount
RegOpenKeyA
OpenProcessToken
RegOpenKeyExW
RegOpenKeyW
RegOpenKeyExA
GetTokenInformation
CryptReleaseContext
IsValidSid
GetSidIdentifierAuthority
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
CryptAcquireContextW
GetSidSubAuthority
GetLengthSid
OpenThreadToken
RegEnumValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
RegSetValueExA
CryptGenRandom
InitCommonControlsEx
PropertySheetW
CreatePatternBrush
DeleteEnhMetaFile
BRUSHOBJ_hGetColorTransform
CloseFigure
RestoreDC
DeleteObject
GetNearestPaletteIndex
BitBlt
SaveDC
GdiConvertMetaFilePict
IntersectClipRect
GetClipBox
SetBkColor
GetObjectType
SetThreadLocale
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
WaitForSingleObject
PurgeComm
SetEndOfFile
HeapDestroy
SignalObjectAndWait
SetConsoleCursorPosition
GetFileAttributesW
GetCommandLineW
DuplicateHandle
GetLocalTime
GetAtomNameW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
FileTimeToDosDateTime
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
ExitProcess
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
lstrcmpiA
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ResumeThread
SetEvent
LocalFree
FormatMessageW
GetThreadPriority
GetLogicalDriveStringsA
InitializeCriticalSection
LoadResource
GetStringTypeExW
EnumCalendarInfoW
FindClose
InterlockedDecrement
GetFullPathNameW
WritePrivateProfileStringW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
DeviceIoControl
TlsGetValue
GlobalFindAtomW
lstrcpynW
GetModuleFileNameW
TryEnterCriticalSection
BeginUpdateResourceA
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
LoadLibraryA
GlobalAddAtomW
SetConsoleCtrlHandler
GetSystemDefaultLCID
LoadLibraryExW
MultiByteToWideChar
GetPrivateProfileStructW
GetPrivateProfileStringW
GetModuleHandleA
InterlockedExchangeAdd
CreateThread
GetSystemDefaultUILanguage
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
GetVolumeNameForVolumeMountPointW
ClearCommError
ExitThread
WaitForMultipleObjectsEx
TerminateProcess
WriteConsoleA
GlobalAlloc
RtlZeroMemory
VirtualQueryEx
FileTimeToLocalFileTime
ReadConsoleW
GetVersion
InterlockedIncrement
WriteConsoleW
MulDiv
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
SetConsoleTextAttribute
TlsAlloc
VirtualProtect
GetVersionExA
GlobalUnfix
RtlUnwind
FreeLibrary
GetStartupInfoA
DosDateTimeToFileTime
GetWindowsDirectoryW
GetFileSize
LCMapStringW
GetDateFormatW
BindIoCompletionCallback
CreateDirectoryW
DeleteFileW
GetProcAddress
GetConsoleScreenBufferInfo
GetProcessHeap
GetComputerNameW
CompareStringW
RemoveDirectoryW
lstrlen
FindNextFileW
HeapValidate
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
WaitForMultipleObjects
GlobalLock
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
ReadConsoleOutputAttribute
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
GlobalDeleteAtom
SetConsoleMode
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
EnumSystemLocalesW
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
CreateProcessW
SwitchToThread
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCompressedFileSizeW
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
SuspendThread
ExpandEnvironmentStringsW
RaiseException
TlsFree
SetFilePointer
ReadFile
DeleteAtom
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetCPInfoExW
GetFileAttributesExW
FindResourceExW
SizeofResource
IsValidCodePage
HeapCreate
WriteFile
VirtualQuery
VirtualFree
FatalAppExitA
Sleep
SetThreadPriority
OpenSemaphoreW
VirtualAlloc
ShellAboutA
DragQueryFileW
SHGetFolderPathW
SHGetFileInfo
SHIsFileAvailableOffline
ShellExecuteW
SHGetSettings
SHGetSpecialFolderPathA
ShellExecuteExW
SHAppBarMessage
SHFileOperationW
CommandLineToArgvW
SHFileOperationA
StrCmpNIW
StrRChrW
StrChrA
StrStrW
StrCmpNA
StrRStrIW
MapWindowPoints
SendNotifyMessageA
GetMonitorInfoW
IsWindowUnicode
GetParent
EnableWindow
RegisterWindowMessageW
EndDialog
DrawTextW
HideCaret
OffsetRect
MessageBoxTimeoutW
KillTimer
EndMenu
PostQuitMessage
ShowWindow
IsWindowEnabled
LoadBitmapA
SetWindowPos
GetListBoxInfo
SetWindowLongW
SendMessageW
GetWindowRect
DispatchMessageA
EndPaint
PeekMessageA
OpenIcon
PostMessageA
ReleaseCapture
DialogBoxParamW
GetMessageExtraInfo
IsMenu
SetWindowLongA
IsCharAlphaNumericW
TranslateMessage
GetMessageTime
PostMessageW
GetSysColor
GetDC
GetKeyState
ReleaseDC
BeginPaint
GetDoubleClickTime
MsgWaitForMultipleObjects
CloseWindow
RedrawWindow
CharNextW
PtInRect
SendMessageA
DlgDirSelectExW
SetWindowTextW
ToAscii
GetDlgItem
DrawMenuBar
SystemParametersInfoW
LoadIconW
MonitorFromWindow
InSendMessage
CloseWindowStation
InvalidateRect
InsertMenuA
GetWindowLongA
IsClipboardFormatAvailable
SetTimer
IsCharUpperA
LoadStringW
FillRect
LoadStringA
IsDlgButtonChecked
GetClientRect
CloseDesktop
ChangeDisplaySettingsExW
GetDialogBaseUnits
GetSystemMenu
GetFocus
CreateMenu
GetWindowLongW
SetForegroundWindow
WindowFromDC
DestroyWindow
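The report gives an imphash (9e00d3e3f067b9e1b72779d1c0c792db) but not the import-table order or the module each name belongs to, so the value cannot be reproduced from this page. The following is an added example, not code from the page: it computes an imphash the way pefile does (module lowercased with .dll/.ocx/.sys stripped, function lowercased, entries joined as module.function in import-table order, then MD5) and applies a few capability rules to the import names. The sample import list is a constructed subset of the names above; the module attributions are ours, as are the rule labels.

```python
import hashlib

# Constructed sample: a subset of the import names shown in the report.
# The report lists function names only; the module attribution below is
# ours (the standard Win32 homes for these exports).
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegCreateKeyExW"),
    ("ADVAPI32.dll", "RegSetValueExW"),
    ("ADVAPI32.dll", "RegDeleteKeyW"),
    ("ADVAPI32.dll", "CryptAcquireContextW"),
    ("ADVAPI32.dll", "CryptGenRandom"),
    ("ADVAPI32.dll", "OpenProcessToken"),
    ("ADVAPI32.dll", "CheckTokenMembership"),
    ("KERNEL32.dll", "VirtualAlloc"),
    ("KERNEL32.dll", "VirtualProtect"),
    ("KERNEL32.dll", "CreateProcessW"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "CreateMutexW"),
    ("KERNEL32.dll", "GetTickCount"),
    ("SHELL32.dll", "ShellExecuteExW"),
    ("USER32.dll", "MessageBoxTimeoutW"),
]

_STRIP_EXT = (".dll", ".ocx", ".sys")


def imphash(imports):
    """Return (md5 hex, normalised string) using pefile's imphash rules.
    Ordinal-only imports are out of scope here (pefile maps them through a
    per-module ordinal table); this helper assumes imports by name."""
    parts = []
    for module, func in imports:
        m = module.lower()
        for ext in _STRIP_EXT:
            if m.endswith(ext):
                m = m[: -len(ext)]
                break
        parts.append(f"{m}.{func.lower()}")
    joined = ",".join(parts)
    return hashlib.md5(joined.encode("ascii")).hexdigest(), joined


# Capability rules (our own labels). "all" rules need every listed API, so
# a lone RegCreateKeyExW does not fire the persistence rule; "any" rules
# fire on a single hit.
RULES = {
    "registry-write (persistence candidate)": ("all", {"RegCreateKeyExW", "RegSetValueExW"}),
    "registry-cleanup": ("any", {"RegDeleteKeyW", "RegDeleteValueW"}),
    "crypto-api": ("any", {"CryptAcquireContextW", "CryptGenRandom", "CryptEncrypt", "CryptDecrypt"}),
    "rwx-memory": ("all", {"VirtualAlloc", "VirtualProtect"}),
    "process-launch": ("any", {"CreateProcessW", "CreateProcessA", "ShellExecuteExW", "ShellExecuteW"}),
    "anti-debug": ("any", {"IsDebuggerPresent", "CheckRemoteDebuggerPresent"}),
    "token-inspection (privilege check)": ("all", {"OpenProcessToken", "CheckTokenMembership"}),
    "single-instance mutex": ("any", {"CreateMutexW", "CreateMutexA"}),
}


def triage(imports):
    """[(label, sorted matching APIs)] for every rule the import set satisfies."""
    names = {func for _, func in imports}
    hits = []
    for label, (mode, apis) in RULES.items():
        present = apis & names
        if (mode == "all" and present == apis) or (mode == "any" and present):
            hits.append((label, sorted(present)))
    return hits


if __name__ == "__main__":
    digest, joined = imphash(SAMPLE_IMPORTS)
    print(digest, joined, sep="\n")
    for label, apis in triage(SAMPLE_IMPORTS):
        print(f"{label}: {', '.join(apis)}")
```

With a real binary, feed `imphash` the `(entry.dll.decode(), imp.name.decode())` pairs from pefile's `DIRECTORY_ENTRY_IMPORT` in table order; any reordering of the entries changes the digest, which is the property that makes imphash a build-tooling fingerprint rather than a content hash.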
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 1
ENGLISH US 1
PE resources
ExifTool file metadata
SpecialBuild: Internal
SubsystemVersion: 5.0
InitializedDataSize: 219136
ImageVersion: 0.0
ProductName: Evernote
FileVersionNumber: 6.4.2.3788
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x0037
ImageFileCharacteristics: No relocs, Executable, 32-bit
CharacterSet: Unicode
LinkerVersion: 9.0
FileTypeExtension: exe
OriginalFileName: EvernotePlayer.exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 6,4,2,3788
TimeStamp: 2019:03:11 11:13:49+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: EvernotePlayer
ProductVersion: 6,4,2,3788
FileDescription: Evernote Player Application
OSVersion: 5.0
FileOS: Win32
LegalCopyright: Copyright 2016 Evernote Corporation.
MachineType: Intel 386 or later, and compatibles
CompanyName: Evernote Corp., 305 Walnut Street, Redwood City, CA 94063
CodeSize: 112128
FileSubtype: 0
ProductVersionNumber: 6.4.2.3788
EntryPoint: 0x1950
ObjectFileType: Dynamic link library
The TimeStamp value is the PE compilation timestamp shown earlier, rendered in a +01:00 zone rather than UTC. ObjectFileType is taken from the dwFileType field of VS_FIXEDFILEINFO in the version resource (VFT_DLL), not from the PE header; it says the file is a DLL while the image characteristics say Executable and FileType says Win32 EXE, one more inconsistency between the version resource and the image it is attached to. The resource table also lists one RUSSIAN-language resource beside the ENGLISH US version block.
File identification
MD5 3813412f367c9f99a5d319380e9ee65d
SHA1 68b526c4fda05f5e0bddb570d939644f52eef10b
SHA256 3795de2faf73bc9243c501aab988a250b5eae112fc6e774a8b6624bee0599360
ssdeep
3072:lDSa8GTsKzYKXWRpbbQlf082OvAsuKW28r4MCpyDuN/sy0WfaK4vMzeLq+c1WPEb:lDpL7EbQf/2kAnKW4fdgK40KLk368xf1

authentihash 910588462da3224cf781f7bb7f57565f0da2c4d4adb676e419948100c6b6ea92
imphash 9e00d3e3f067b9e1b72779d1c0c792db
File size 327.8 KB ( 335624 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-11 18:10:19 UTC ( 1 month, 1 week ago )
Last submission 2019-03-11 18:10:19 UTC ( 1 month, 1 week ago )
File names .
EvernotePlayer
EvernotePlayer.exe
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
The report carries the categories Opened files, Moved files, Deleted files, Created processes, Created mutexes, Opened mutexes, Opened service managers, Opened services, Runtime DLLs, HTTP requests and TCP connections, but records no entries under any of them. An empty behaviour report for a sample that imports CreateProcessW, CreateMutexW, IsDebuggerPresent and the registry-write APIs usually means the sample did not reach its payload in the sandbox (an environment check, a missing argument, or a crash), not that it is benign; the static indicators above should carry the triage.