» evernote_5.1.1.2334.exe
Overview
Analysis
File Details
Programs (1)
Downloads (17)

evernote_5.1.1.2334.exe

Evernote

EVERNOTE CORPORATION

This is a self-extracting archive and installer. The file has been seen being downloaded from www.filepuma.com and multiple other hosts.

File name:

Publisher:

Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 (signed by EVERNOTE CORPORATION)

Product:

Evernote®

Description:

Evernote Installation Package

Version:

5,1,1,2334

MD5:

93d5a3182dc318652e8a03a712698940

SHA-1:

588c43d7bc9d9056c0b52b572d5138024befb31b

SHA-256:

58f14d98d77996904ca9b33d107973eed49ea434381e734838460e5b293197fd

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

12/26/2024 8:12:36 AM UTC (today)

File size:

56.5 MB (59,229,024 bytes)

Product version:

5,1,1,2334

Original file name:

Setup.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\evernote\evernote\autoupdate\evernote_5.1.1.2334.exe

Digital Signature

Signed by:

EVERNOTE CORPORATION

Authority:

Thawte, Inc.

Valid from:

10/9/2013 8:00:00 AM

Valid to:

11/8/2015 7:59:59 AM

Subject:

CN=EVERNOTE CORPORATION, O=EVERNOTE CORPORATION, L=Sunnyvale, S=California, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

28190192B29B0E27132E4E42D4F38209

File PE Metadata

Compilation timestamp:

1/17/2014 5:15:15 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

786432:RsLqzMjOi9yZWCr4z78nrhRmhk8szuayb6m8JXKbx/hu/Luzf/nTDMy399WCRCz:UqzaOi3Cc74zzc8xjLuzzDMoPWCEz

Entry address:

0x1903A

Entry point:

E8, D3, AC, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 75, 08, F6, 46, 0C, 40, 57, BB, E0, EC, 43, 00, 0F, 85, 72, 01, 00, 00, 56, E8, 1D, 70, 00, 00, 59, 83, F8, FF, 74, 2E, 56, E8, 11, 70, 00, 00, 59, 83, F8, FE, 74, 22, 56, E8, 05, 70, 00, 00, C1, F8, 05, 56, 8D, 3C, 85, C0, 0C, 44, 00, E8, F5, 6F, 00, 00, 83, E0, 1F, 59, C1, E0, 06, 03, 07, 59, EB, 02, 8B, C3, F6, 40, 24, 7F, 74, 4F, FF, 4E, 04, 78, 0A, 8B, 0E, 0F, B6, 01, 41, 89, 0E, EB, 07, 56, E8, 56, 78, 00, 00, 59, 83, F8, FF... 
[+]

Entropy:

7.9741 (probably packed)

Code size:

195 KB (199,680 bytes)

The file evernote_5.1.1.2334.exe has been discovered within the following program.

360Amigo System Speedup Free by 360Amigo

360Amigo is registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar (on by default).

www.360amigo.com

53% remove it

The file evernote_5.1.1.2334.exe has been seen being distributed by the following 17 URLs.

http://www.filepuma.com/file2/1393629892c5042/evernote_5.1.1.2334/.../

http://www.filepuma.com/file2/1390346861c5042/evernote_5.1.1.2334/.../

https://www.evernote.com/about/.../get.php?file=Win

http://www.evernote.com/about/.../get.php?file=Win

http://www.filepuma.com/file2/1390741139c5042/evernote_5.1.1.2334/.../

http://www.filepuma.com/file2/1393430506c5042/evernote_5.1.1.2334/.../

http://www.filepuma.com/file2/1393430234c5042/evernote_5.1.1.2334/.../

http://www.filepuma.com/file2/1392042790c5042/evernote_5.1.1.2334/.../

http://www.filepuma.com/file2/1390688097c5042/evernote_5.1.1.2334/.../

http://www.filepuma.com/file2/1390220199c5042/evernote_5.1.1.2334/.../

https://evernote.com/.../get.php?file=Win

http://filehippo.com/download/file/.../

http://fs33.filehippo.com/3298/.../Evernote_5.1.1.2334.exe

http://www.filepuma.com/file2/1390661698c5042/evernote_5.1.1.2334/.../

http://www.filepuma.com/file2/1391028924c5042/evernote_5.1.1.2334/.../

http://evernote.com/.../get.php?file=Win

http://cdn1.evernote.com/win5/.../Evernote_5.1.1.2334.exe

Scan evernote_5.1.1.2334.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.