SHA256: 58f14d98d77996904ca9b33d107973eed49ea434381e734838460e5b293197fd
File name: 418022
Detection ratio: 1 / 69
Analysis date: 2018-12-05 00:23:05 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Trapmine suspicious.low.ml.score 20181128
Ad-Aware 20181204
AegisLab 20181204
AhnLab-V3 20181204
Alibaba 20180921
ALYac 20181204
Antiy-AVL 20181204
Arcabit 20181204
Avast 20181204
Avast-Mobile 20181204
AVG 20181204
Avira (no cloud) 20181204
Babable 20180918
Baidu 20181204
BitDefender 20181204
Bkav 20181203
CAT-QuickHeal 20181204
ClamAV 20181203
CMC 20181204
Comodo 20181204
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181205
Cyren 20181204
DrWeb 20181204
eGambit 20181205
Emsisoft 20181204
Endgame 20181108
ESET-NOD32 20181205
F-Prot 20181204
F-Secure 20181204
Fortinet 20181204
GData 20181204
Ikarus 20181204
Sophos ML 20181128
Jiangmin 20181204
K7AntiVirus 20181204
K7GW 20181204
Kaspersky 20181204
Kingsoft 20181205
Malwarebytes 20181204
MAX 20181205
McAfee 20181204
McAfee-GW-Edition 20181204
Microsoft 20181204
eScan 20181205
NANO-Antivirus 20181205
Palo Alto Networks (Known Signatures) 20181205
Panda 20181204
Qihoo-360 20181205
Rising 20181205
SentinelOne (Static ML) 20181011
Sophos AV 20181205
SUPERAntiSpyware 20181128
Symantec 20181205
Symantec Mobile Insight 20181204
TACHYON 20181204
Tencent 20181205
TheHacker 20181202
TotalDefense 20181205
TrendMicro 20181205
TrendMicro-HouseCall 20181204
Trustlook 20181205
VBA32 20181204
VIPRE 20181204
ViRobot 20181204
Webroot 20181205
Yandex 20181204
Zillya 20181204
ZoneAlarm by Check Point 20181204
Zoner 20181204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2014 Evernote Corporation. All rights reserved.

Product Evernote®
Original name Setup.exe
Internal name Setup.exe
File version 5,1,1,2334
Description Evernote Installation Package
Signature verification Certificate out of its validity period
Signers
[+] EVERNOTE CORPORATION
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Code Signing CA - G2
Valid from 11:00 PM 10/08/2013
Valid to 11:59 PM 11/07/2015
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint DD93836805C2F582D83F46E664B312139BB55DDA
Serial number 28 19 01 92 B2 9B 0E 27 13 2E 4E 42 D4 F3 82 09
[+] Thawte Code Signing CA - G2
Status Valid
Issuer thawte Primary Root CA
Valid from 12:00 AM 02/08/2010
Valid to 11:59 PM 02/07/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 12:00 AM 11/17/2006
Valid to 10:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-16 21:15:15
Entry Point 0x0001903A
Number of sections 5
Overlays
MD5 6ad148da4fd3329e84da991f1dde6485
File type data
Offset 59226112
Size 2912
Entropy 7.38
PE imports
RegCreateKeyExW
GetTokenInformation
RegEnumValueW
ConvertStringSidToSidW
CreateWellKnownSid
OpenProcessToken
GetUserNameW
IsValidSid
FreeSid
ConvertSidToStringSidW
RegOpenKeyExW
CheckTokenMembership
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyW
LookupAccountNameW
RegCloseKey
RegQueryValueExW
LookupAccountSidW
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetFileAttributesW
GetLocalTime
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
GetExitCodeProcess
CreateEventW
LoadResource
FindClose
TlsGetValue
GetFullPathNameW
SetLastError
InitializeCriticalSection
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
CreateThread
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetEndOfFile
GetVersion
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
OpenProcess
GetStartupInfoW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
CompareStringA
FindFirstFileW
IsValidLocale
GetProcAddress
GetTempPathW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
FindResourceW
LCMapStringA
GetEnvironmentStringsW
lstrlenW
VirtualFree
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
WideCharToMultiByte
IsValidCodePage
HeapCreate
FindResourceExW
CreateProcessW
Sleep
VirtualAlloc
SysFreeString
VariantInit
VariantClear
SysAllocString
EnumProcesses
EnumProcessModules
GetModuleBaseNameW
Ord(92)
SHGetSpecialFolderPathW
ShellExecuteExW
CommandLineToArgvW
PathAddBackslashW
SHCopyKeyW
PathCombineW
SHDeleteKeyW
PathAppendW
GetUserNameExW
RegisterWindowMessageW
GetMonitorInfoW
GetParent
UpdateWindow
EndDialog
EnumWindows
FindWindowW
KillTimer
SetWindowPos
GetSystemMetrics
SetWindowLongW
IsWindow
GetWindowRect
EnableWindow
SetRectEmpty
DialogBoxParamW
IsWindowEnabled
PostMessageW
SetActiveWindow
SendMessageW
UnregisterClassA
wsprintfW
LoadStringW
SetWindowTextW
GetDlgItem
SystemParametersInfoW
MessageBoxW
MonitorFromWindow
SetRect
InvalidateRect
SetTimer
GetActiveWindow
MonitorFromPoint
CopyRect
IsRectEmpty
SendMessageTimeoutW
GetWindowLongW
ExitWindowsEx
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
WTSQuerySessionInformationW
WTSFreeMemory
Ord(45)
Ord(70)
Ord(246)
Ord(205)
CoUninitialize
CoInitializeEx
CoCreateInstance
CoInitialize
CoInitializeSecurity
Number of PE resources by type
RT_STRING 42
RT_DIALOG 21
RT_ICON 3
BIN 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
NEUTRAL 5
SWEDISH 3
FRENCH 3
CHINESE SIMPLIFIED 3
SPANISH MODERN 3
DUTCH 3
ITALIAN 3
SERBIAN CYRILLIC 3
PORTUGUESE BRAZILIAN 3
KOREAN 3
MALAY MALAYSIA 3
PORTUGUESE 3
GERMAN 3
POLISH DEFAULT 3
JAPANESE DEFAULT 3
DANISH DEFAULT 3
TURKISH DEFAULT 3
CHINESE TRADITIONAL 3
THAI DEFAULT 3
RUSSIAN 3
SERBIAN LATIN 3
ExifTool file metadata
SpecialBuild
Public

SubsystemVersion
5.0

SvnRevision
270334

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.1.1.2334

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

FileDescription
Evernote Installation Package

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
59025408

EntryPoint
0x1903a

OriginalFileName
Setup.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2014 Evernote Corporation.

FileVersion
5,1,1,2334

TimeStamp
2014:01:16 22:15:15+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Setup.exe

ProductVersion
5,1,1,2334

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Evernote Corp., 305 Walnut Street, Redwood City, CA 94063

CodeSize
199680

ProductName
Evernote

ProductVersionNumber
5.1.1.2334

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 93d5a3182dc318652e8a03a712698940
SHA1 588c43d7bc9d9056c0b52b572d5138024befb31b
SHA256 58f14d98d77996904ca9b33d107973eed49ea434381e734838460e5b293197fd
ssdeep
786432:RsLqzMjOi9yZWCr4z78nrhRmhk8szuayb6m8JXKbx/hu/Luzf/nTDMy399WCRCz:UqzaOi3Cc74zzc8xjLuzzDMoPWCEz

authentihash 4dd22bc9305ae30294ad94b434360d425b47f95919d051a1fc3deae93bfe1c89
imphash 98500f342635219674f80bdd43b4372b
File size 56.5 MB ( 59229024 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (35.0%)
Win32 EXE PECompact compressed (generic) (33.8%)
Win64 Executable (generic) (22.4%)
Win32 Executable (generic) (3.6%)
OS/2 Executable (generic) (1.6%)
Tags
peexe overlay signed software-collection

VirusTotal metadata
First submission 2014-01-17 08:46:56 UTC ( 5 years, 2 months ago )
Last submission 2016-04-19 00:05:14 UTC ( 2 years, 11 months ago )
File names evernote-5-1-1-2334-es-en-br-fr-de-it-cn-jp-ar-ru-nl-pl-cz-dk-fi-gr-in-kr-no-se-tr-cat-win.exe
EvernoteSetup.exe
58F14D98D77996904CA9B33D107973EED49EA434381E734838460E5B293197FD
evernote_5.1.1.2334.exe
418022
EvernoteSetup.exe
Evernote_5.1.1.2334.exe
Evernote_5.1.1.2334.exe
Setup.exe
Evernote5112334.exe
Evernote_5.1.1.2334.exe
Evernote_5.1.1.2334.exe
Evernote_5.1.1.2334.exe
Behaviour characterization
Zemana
dll-injection
