pfu_scanner_installer_b25.exe

Evernote

EVERNOTE CORPORATION

This is a self-extracting archive and installer. The file has been seen being downloaded from evernote.com.
Publisher:
Evernote Corp.  (signed by EVERNOTE CORPORATION)

Product:
Evernote

Description:
Evernote Install Helper

Version:
1.1.0.0

MD5:
636c93f550419d364f7d4f951cdae56e

SHA-1:
4d3f5ec1d9e84fe267bea5b80aa2b01b7a004dbd

SHA-256:
f78269aa06b3f2017335c3a19219d03d2289a92c83aa77003157e28608162001

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/28/2024 8:06:28 PM UTC  (today)

File size:
1.7 MB (1,730,432 bytes)

Product version:
1.1.0.0

Copyright:
Copyright © 2013 Evernote Corporation. All rights reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pfu_scanner_installer_b25.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
11/9/2015 7:00:00 PM

Valid to:
11/7/2017 6:59:59 PM

Subject:
CN=EVERNOTE CORPORATION, O=EVERNOTE CORPORATION, L=Sunnyvale, S=California, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4E9FBAA67EFC8AD24CE782CC7AA7F527

File PE Metadata
Compilation timestamp:
2/1/2016 9:03:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:CabeyQ1jAhBzW96KMMZ1W0dOL/bFlg00C6mHdRSSjNxW:CabeyQuzW96KjA0dOLDTx+m9RHzW

Entry address:
0x28ECD

Entry point:
E8, 00, CE, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, 56, FF, 75, 10, 8D, 4D, F0, E8, FD, F1, FF, FF, 8B, 5D, 08, 33, F6, 3B, DE, 75, 2F, E8, 27, 19, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, 94, 18, 00, 00, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, E9, C0, 00, 00, 00, 57, 8B, 7D, 0C, 3B, FE, 75, 2F, E8, F0, 18, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, 5D, 18, 00, 00, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8...
 
[+]

Entropy:
7.6620

Code size:
365.5 KB (374,272 bytes)

The file pfu_scanner_installer_b25.exe has been seen being distributed by the following URL.

Scan pfu_scanner_installer_b25.exe - Powered by Reason Core Security