» 02aeedeb_stp.dat
Overview
Analysis
File Details
Downloads (34)

02aeedeb_stp.dat

Evernote

EVERNOTE CORPORATION

File name:

02aeedeb_stp.dat

Publisher:

Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 (signed by EVERNOTE CORPORATION)

Product:

Evernote®

Description:

Evernote Installation Package

Version:

5,9,6,9494

MD5:

839934e0d16a779380c71d5cfe9dd45e

SHA-1:

2c1620312ff305defd8959ad4775deda432f8a44

SHA-256:

6320222a40a5cf370df126ef2738305dfaf7090ab0e8a4fb0acd24559cf9e247

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

12/27/2024 1:49:21 PM UTC (today)

File size:

91.9 MB (96,369,872 bytes)

Product version:

5,9,6,9494

Original file name:

Setup.exe

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\02aeedeb_stp.dat

Digital Signature

Signed by:

EVERNOTE CORPORATION

Authority:

Thawte, Inc.

Valid from:

11/9/2015 6:00:00 PM

Valid to:

11/7/2017 5:59:59 PM

Subject:

CN=EVERNOTE CORPORATION, O=EVERNOTE CORPORATION, L=Sunnyvale, S=California, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

4E9FBAA67EFC8AD24CE782CC7AA7F527

File PE Metadata

Compilation timestamp:

12/1/2015 5:47:13 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

1572864:rpvh7n79m6UamLa6/a1hd4iFD56KGZJsvPsC+3BtzPrln/bEyLcvoox9h9eTTcYe:rpvpn792amG6/ajd/FD5zg+vEC+JjEwC

Entry address:

0x18CFA

Entry point:

E8, F4, AC, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 75, 08, F6, 46, 0C, 40, 57, BB, E0, EC, 43, 00, 0F, 85, 72, 01, 00, 00, 56, E8, 4D, 70, 00, 00, 59, 83, F8, FF, 74, 2E, 56, E8, 41, 70, 00, 00, 59, 83, F8, FE, 74, 22, 56, E8, 35, 70, 00, 00, C1, F8, 05, 56, 8D, 3C, 85, C0, 0C, 44, 00, E8, 25, 70, 00, 00, 83, E0, 1F, 59, C1, E0, 06, 03, 07, 59, EB, 02, 8B, C3, F6, 40, 24, 7F, 74, 4F, FF, 4E, 04, 78, 0A, 8B, 0E, 0F, B6, 01, 41, 89, 0E, EB, 07, 56, E8, 86, 78, 00, 00, 59, 83, F8, FF... 
[+]

Entropy:

7.9868 (probably packed)

Code size:

194 KB (198,656 bytes)

The file 02aeedeb_stp.dat has been seen being distributed by the following 34 URLs.

http://www.towerbitscenter.com/cy6yfmKjsRpYTFTNzENnbgEVJLaiwhCbc030K9SQnh68ANfGFwanpy6DWtmBtacNNUf3si9i2h7vXj73mWkg5uKOgpdAQjnqrgAuIaEj_5O7ygCIiYd42WKiUt7CCgyiyirBBVRPWzQzcsgETFVzn4tw_dReZFzeDqkYHgAsoJYneKoBDBIwwTTWLo2f2LrgQ5ejeduQDkk4kmpZHQ3VvAymXztvJA==-GzsAAMTOFtuZDZt1JQsIivoPDjlw AJMqKAFDrldoAVJdr1xqo9hKyAsMKhvT6lkinBS4TBeXDB_AA==

http://www.towerbitscenter.com/8ROCuNnYvnfvJ29 0pVKs_jwuC6pCfT3NupdHpPJeCFqLzPisQjKqDmj5YH37QxYZfBbQJeXbA2JRESfyj4ljAMK28V_VN05XJk2hIGJJMj0Rql6XZbNSIDVmh5K2JKhOrSRO zpGcOyb2fzHQul0wBA4sApI GhjM8p7qd_PWPJMlZ6wPsyGqu8XE7gl y809h2qwlhM78ink3 i0NHjBRPCPdRQw==-GzsAAMTOFtuZDZt1JQsIivoPDjlw AJMqKAFDrldoAVJdr1xqo9hKyAsMKhvT6lkinBS4TBeXDB_AA==

http://41.223.201.249:801/.../Evernote_5.9.6.9494.exe

http://www.filepuma.com/file/1452885489c10279/evernote_5.9.6.9494/.../0/

http://www.filepuma.com/file/1455365102c10279/evernote_5.9.6.9494/.../0/

http://www.ranchsendgift.com/iMNL8TSZFcNVmwkNeUlseo93ojAht3Uo1MV3ANuwlN9u P7bJAhMlLtqT 5Vg8qWKxxgISMQXfhOmbpw2iK0nDKNsZ8qH9CIJylAvtXX1IUBv70PbHIfSNfL01k1i2WTl5Qz0gxmG1XmgLDzrKUuHqtA6es iLMdczP8Be8c6 4fBo8Ib1wpH72Z34l9GVFTadrw2eeFr5 sT7AYazkCeSJTGGzSUA==-GzsAAMTOFtuZDZt1JQsIivoPDjlw AJMqKAFDrldoAVJdr1xqo9hKyAsMKhvT6lkinBS4TBeXDB_AA==

http://www.ranchsendgift.com/ORwPJ5jjUW0FTi7RbuTopJEepnZFeWMU4zvsMFdFs AN81SjlR7SEL1XqHAn Hx2pvnzs2gCxD6YYGPydVMd5BlkRBnAMpgeLNvYY584VgJAeDXjVLGW1Y91eKV2YFvpZKkCiOgyWWCRJxi0gBHxyuR40 xjZ5ojRu_TG H7b8Cpz0LXYHY2TNV1d_POvTqyaSRyzu2fUlvdmTosNsNyzcCuehiCeg==-GzsAAMTOFtuZDZt1JQsIivoPDjlw AJMqKAFDrldoAVJdr1xqo9hKyAsMKhvT6lkinBS4TBeXDB_AA==

http://www.ranchsendgift.com/b 4kwB5FYKHtIdmLP5prxYFLpEtYmBp2WY1nTq3n2g855tkSR_G_fZleuOJR4_DwsgTSa5DhrwObEVCS1CJFUOB9RW2ce9L8EKnH FsEppRZ3WuIaYs8L3zmfzcJtnwt20oIhJxUgnLVSu5Brqa7 Wb8ZzeC_H8OA9Cm360ZqHfbGczDmb64LZPgZODDIuqQLUmP wVWgnaidA8WQxUfHXXqJZWdQQ==-GzsAAMTOFtuZDZt1JQsIivoPDjlw AJMqKAFDrldoAVJdr1xqo9hKyAsMKhvT6lkinBS4TBeXDB_AA==

http://abpathstage.blob.core.windows.net/.../377d2f8f-8c13-4d60-b86d-2de91c633916.exe

http://www.ranchsendgift.com/y7eZwCK5ZhQOEvnA6qdl2 JLo_jwkXkSHQ4GdAkLmuD47Rd3suZt_WzZ7 HDsF0KWq8sAs0AXg6eqiwrNJBfriMqV4HnQcpVQi9TzmQEOD6BoQuaAJzsjfGnpZ K_o0F4YmsBqAsjlPbw5agiphDcCkTIQUchVM1i8HIL DJAkrDyuZdLr045BMYia3 VcncvMKk7U8dCvIGeB1gfV_hdnm5j hLTQ==-GzsAAMTOFtuZDZt1JQsIivoPDjlw AJMqKAFDrldoAVJdr1xqo9hKyAsMKhvT6lkinBS4TBeXDB_AA==

https://www.yinxiang.com/.../get.php?file=Win

http://www.filepuma.com/file/1451950520c10279/evernote_5.9.6.9494/.../0/

http://www.ranchsendgift.com/q1IbAQu3FDMif4w1Jc1Ckrj1xHeSxqkNJ46Qwk9iW8diP0HcFUW3cbFv4Sc4DpbhniSEMfuXQGUbLIdA6NXIq3CbSM 5JV9 c8nFyAm2y5HnSgAbseHx7amM2V_CqPEv5gnbFhgHI0d_jsRgHhKjAydTk8npvWNJOqoHFXxKwjLMe2YKmKXZ DCqovzC010wYTInzS89CfaUKmejW n Kd_whNnvow==-GzsAAMTOFtuZDZt1JQsIivoPDjlw AJMqKAFDrldoAVJdr1xqo9hKyAsMKhvT6lkinBS4TBeXDB_AA==

http://www.ranchsendgift.com/y31fsUFVi0J5GKzsGXgUf YNjoR5bxV LIsGIt68YFk1zlM6TChBTWVmgpvQCnZgJ4bkgU7pMtIRSX9OZAxjaGbmV0dnNnJ8F5nFxQS5AHW9K2VTTjNgqNbSJJhdLzwqreQ4j_6hQFA kM7felhu1r7 5e8X35OdpGix Wr2jGPHvbE_cDRZPROuGoZJVoA3r_BLrA dFC4zfxYFax mw6FW3ULRJA==-GzsAAMTOFtuZDZt1JQsIivoPDjlw AJMqKAFDrldoAVJdr1xqo9hKyAsMKhvT6lkinBS4TBeXDB_AA==

http://www.filepuma.com/file/1458259963c10279/evernote_5.9.6.9494/.../0/

http://www.filepuma.com/file/1458076550c10279/evernote_5.9.6.9494/.../0/

http://www.filepuma.com/file/1449837683c10279/evernote_5.9.6.9494/.../0/

https://pa-captive-portal.iu.edu.sa:6082/php/uid.php?vsys=1&url=http://fs40.filehippo.com/9030/.../Evernote_5.9.6.9494.exe

http://down.filepuma.com/files/office-suites/.../Evernote_v5.9.6.9494.exe

http://www.softportal.com/getsoft-10894-evernote-2.html

http://filehippo.com/download/file/.../

http://www.filepuma.com/file/1456127734c10279/evernote_5.9.6.9494/.../0/

http://bcdn.softcdn.ru/5.html?parameter=Evernote_Rus_Setup.exe&clr=1&se=besplatnyeprogrammy.ru&cid=304002480.1457127398&uid=78839465.46022604&ref=NO_REF

http://www.filepuma.com/file/1453745827c10279/evernote_5.9.6.9494/.../0/

http://www.filefacts.com/.../6369

http://cdn1.evernote.com/win5/.../Evernote_5.9.6.9494.exe

http://www.filepuma.com/file/1455030656c10279/evernote_5.9.6.9494/.../0/

http://www.filepuma.com/file/1454191641c10279/evernote_5.9.6.9494/.../0/

http://www.filepuma.com/file/1454037994c10279/evernote_5.9.6.9494/.../0/

http://www.filepuma.com/file/1449596247c10279/evernote_5.9.6.9494/.../0/

Latest 30 of 34 download URLs

Scan 02aeedeb_stp.dat - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.