SHA256: 58f14d98d77996904ca9b33d107973eed49ea434381e734838460e5b293197fd
File name: 418022
Detection ratio: 0 / 64
Analysis date: 2019-03-22 04:25:17 UTC (2 months ago)
Antivirus Result Update
Acronis 20190322
Ad-Aware 20190322
AegisLab 20190322
AhnLab-V3 20190322
Alibaba 20190306
ALYac 20190322
Antiy-AVL 20190322
Arcabit 20190321
Avast 20190322
Avast-Mobile 20190321
AVG 20190322
Avira (no cloud) 20190322
Babable 20180918
Baidu 20190318
BitDefender 20190322
Bkav 20190320
CAT-QuickHeal 20190320
ClamAV 20190321
CMC 20190321
Comodo 20190322
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cyren 20190322
DrWeb 20190322
eGambit 20190322
Emsisoft 20190322
Endgame 20190321
ESET-NOD32 20190322
F-Secure 20190322
Fortinet 20190322
GData 20190322
Sophos ML 20190313
Jiangmin 20190322
K7AntiVirus 20190321
K7GW 20190322
Kaspersky 20190322
Kingsoft 20190322
Malwarebytes 20190322
MAX 20190322
McAfee 20190322
McAfee-GW-Edition 20190321
Microsoft 20190322
eScan 20190322
NANO-Antivirus 20190322
Palo Alto Networks (Known Signatures) 20190322
Panda 20190321
Qihoo-360 20190322
Rising 20190322
SentinelOne (Static ML) 20190317
Sophos AV 20190322
SUPERAntiSpyware 20190321
Symantec Mobile Insight 20190220
TACHYON 20190322
Tencent 20190322
TheHacker 20190320
TotalDefense 20190318
Trapmine 20190301
TrendMicro-HouseCall 20190322
Trustlook 20190322
VBA32 20190321
ViRobot 20190322
Yandex 20190321
Zillya 20190321
ZoneAlarm by Check Point 20190322
Zoner 20190322
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2014 Evernote Corporation. All rights reserved.

Product Evernote®
Original name Setup.exe
Internal name Setup.exe
File version 5,1,1,2334
Description Evernote Installation Package
Signature verification Certificate out of its validity period
Signers
[+] EVERNOTE CORPORATION
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Code Signing CA - G2
Valid from 12:00 AM 10/09/2013
Valid to 12:59 AM 11/08/2015
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint DD93836805C2F582D83F46E664B312139BB55DDA
Serial number 28 19 01 92 B2 9B 0E 27 13 2E 4E 42 D4 F3 82 09
[+] Thawte Code Signing CA - G2
Status Valid
Issuer thawte Primary Root CA
Valid from 01:00 AM 02/08/2010
Valid to 12:59 AM 02/08/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 01:00 AM 11/17/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-16 21:15:15
Entry Point 0x0001903A
Number of sections 5
PE sections
Overlays
MD5 6ad148da4fd3329e84da991f1dde6485
File type data
Offset 59226112
Size 2912
Entropy 7.38
PE imports
RegCreateKeyExW
GetTokenInformation
RegEnumValueW
ConvertStringSidToSidW
CreateWellKnownSid
OpenProcessToken
GetUserNameW
IsValidSid
FreeSid
ConvertSidToStringSidW
RegOpenKeyExW
CheckTokenMembership
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyW
LookupAccountNameW
RegCloseKey
RegQueryValueExW
LookupAccountSidW
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetFileAttributesW
GetLocalTime
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
GetExitCodeProcess
CreateEventW
LoadResource
FindClose
TlsGetValue
GetFullPathNameW
SetLastError
InitializeCriticalSection
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
CreateThread
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetEndOfFile
GetVersion
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
OpenProcess
GetStartupInfoW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
CompareStringA
FindFirstFileW
IsValidLocale
GetProcAddress
GetTempPathW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
FindResourceW
LCMapStringA
GetEnvironmentStringsW
lstrlenW
VirtualFree
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
WideCharToMultiByte
IsValidCodePage
HeapCreate
FindResourceExW
CreateProcessW
Sleep
VirtualAlloc
SysFreeString
VariantInit
VariantClear
SysAllocString
EnumProcesses
EnumProcessModules
GetModuleBaseNameW
Ord(92)
SHGetSpecialFolderPathW
ShellExecuteExW
CommandLineToArgvW
PathAddBackslashW
SHCopyKeyW
PathCombineW
SHDeleteKeyW
PathAppendW
GetUserNameExW
RegisterWindowMessageW
GetMonitorInfoW
GetParent
UpdateWindow
EndDialog
EnumWindows
FindWindowW
KillTimer
SetWindowPos
GetSystemMetrics
SetWindowLongW
IsWindow
GetWindowRect
EnableWindow
SetRectEmpty
DialogBoxParamW
IsWindowEnabled
PostMessageW
SetActiveWindow
SendMessageW
UnregisterClassA
wsprintfW
LoadStringW
SetWindowTextW
GetDlgItem
SystemParametersInfoW
MessageBoxW
MonitorFromWindow
SetRect
InvalidateRect
SetTimer
GetActiveWindow
MonitorFromPoint
CopyRect
IsRectEmpty
SendMessageTimeoutW
GetWindowLongW
ExitWindowsEx
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
WTSQuerySessionInformationW
WTSFreeMemory
Ord(45)
Ord(70)
Ord(246)
Ord(205)
CoUninitialize
CoInitializeEx
CoCreateInstance
CoInitialize
CoInitializeSecurity
Number of PE resources by type
RT_STRING 42
RT_DIALOG 21
RT_ICON 3
BIN 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
NEUTRAL 5
SWEDISH 3
FRENCH 3
CHINESE SIMPLIFIED 3
SPANISH MODERN 3
DUTCH 3
ITALIAN 3
SERBIAN CYRILLIC 3
PORTUGUESE BRAZILIAN 3
KOREAN 3
MALAY MALAYSIA 3
PORTUGUESE 3
GERMAN 3
POLISH DEFAULT 3
JAPANESE DEFAULT 3
DANISH DEFAULT 3
TURKISH DEFAULT 3
CHINESE TRADITIONAL 3
THAI DEFAULT 3
RUSSIAN 3
SERBIAN LATIN 3
PE resources
Debug information
ExifTool file metadata
SpecialBuild
Public

SubsystemVersion
5.0

SvnRevision
270334

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.1.1.2334

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

FileDescription
Evernote Installation Package

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
59025408

EntryPoint
0x1903a

OriginalFileName
Setup.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2014 Evernote Corporation.

FileVersion
5,1,1,2334

TimeStamp
2014:01:16 22:15:15+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Setup.exe

ProductVersion
5,1,1,2334

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Evernote Corp., 305 Walnut Street, Redwood City, CA 94063

CodeSize
199680

ProductName
Evernote

ProductVersionNumber
5.1.1.2334

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 93d5a3182dc318652e8a03a712698940
SHA1 588c43d7bc9d9056c0b52b572d5138024befb31b
SHA256 58f14d98d77996904ca9b33d107973eed49ea434381e734838460e5b293197fd
ssdeep
786432:RsLqzMjOi9yZWCr4z78nrhRmhk8szuayb6m8JXKbx/hu/Luzf/nTDMy399WCRCz:UqzaOi3Cc74zzc8xjLuzzDMoPWCEz

authentihash 4dd22bc9305ae30294ad94b434360d425b47f95919d051a1fc3deae93bfe1c89
imphash 98500f342635219674f80bdd43b4372b
File size 56.5 MB ( 59229024 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (35.0%)
Win32 EXE PECompact compressed (generic) (33.8%)
Win64 Executable (generic) (22.4%)
Win32 Executable (generic) (3.6%)
OS/2 Executable (generic) (1.6%)
Tags
peexe software-collection signed overlay

VirusTotal metadata
First submission 2014-01-17 08:46:56 UTC ( 5 years, 4 months ago )
Last submission 2016-04-19 00:05:14 UTC ( 3 years, 1 month ago )
File names evernote-5-1-1-2334-es-en-br-fr-de-it-cn-jp-ar-ru-nl-pl-cz-dk-fi-gr-in-kr-no-se-tr-cat-win.exe
EvernoteSetup.exe
58F14D98D77996904CA9B33D107973EED49EA434381E734838460E5B293197FD
evernote_5.1.1.2334.exe
418022
EvernoteSetup.exe
Evernote_5.1.1.2334.exe
Evernote_5.1.1.2334.exe
Setup.exe
Evernote5112334.exe
Evernote_5.1.1.2334.exe
Evernote_5.1.1.2334.exe
Evernote_5.1.1.2334.exe
Behaviour characterization
Zemana
dll-injection
