Evernote.exe
- File Path: C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
- Description: Evernote

Hashes
| Type | Hash | 
|---|---|
| MD5 | 55FF086EA1F3F67716038501CC91E96A | 
| SHA1 | 7B5CC02D7B2002FF3BC3C1A99BDA0C517B02D532 | 
| SHA256 | 47F8271F2F6EAF39987DC966BB2D3BA22E6491DE316A2860F4071CA56DE8298A | 
| SHA384 | 6671A4174D39333AF3812E4CC9413E7241940BEEEF084D0C444DE8241165DE608D9D127DDDB3DF570CCD0ECE51A3BD80 | 
| SHA512 | 5D42FA0E04C54ACBB2D98E7A5DA007F543F2F798F86F96D2716152E34DA62CD8B8A3462215B135D3DF15514E606C36F1FE0BD2B8BFC0DA4D3D4DB48453184CA2 | 
| SSDEEP | 393216:SPKZzhiINVPHCcdjs/KGIJqp7Oc+C5nj5QwWv:SS2INVPCGw/KG0ljw6 | 
| IMP | 97BCF5B2ACFD3F5CC92FA53B7FE987AB | 
| PESHA1 | 27EECCB1A698CAED5642DFF83CDAA22F396E5EF6 | 
| PE256 | 588E4F9C81281984CDF212BD3D4182F6FBC9BB7A62B895743A3DD4403A32A5D3 | 
Runtime Data
Window Title:
Evernote License Agreement
Open Handles:
| Path | Type | 
|---|---|
| (R--) C:\Users\user\AppData\Local\Temp\Evernote_exe_PID8584_2020924_18452700ccf9ff.lock | File | 
| (R-D) C:\Windows\Fonts\StaticCache.dat | File | 
| (R-D) C:\Windows\SysWOW64\en-US\ntdll.dll.mui | File | 
| (R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui | File | 
| (RW-) C:\Users\user\Evernote\Logs\AppLog_2020-09-24.txt | File | 
| (RW-) C:\Windows | File | 
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627 | File | 
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.508_none_429cdbca8a8ffa94 | File | 
| (RW-) C:\xCyclopedia | File | 
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section | 
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section | 
| \Sessions\1\BaseNamedObjects\ENInstancesSM | Section | 
| \Sessions\1\BaseNamedObjects\ENLogListener | Section | 
| \Sessions\1\BaseNamedObjects\windows_shell_global_counters | Section | 
| \Sessions\1\Windows\Theme2547664911 | Section | 
| \Windows\Theme3854699184 | Section | 
Loaded Modules:
| Path | 
|---|
| C:\Program Files (x86)\Evernote\Evernote\Evernote.exe | 
| C:\Windows\SYSTEM32\ntdll.dll | 
| C:\Windows\System32\wow64.dll | 
| C:\Windows\System32\wow64cpu.dll | 
| C:\Windows\System32\wow64win.dll | 
Signature
- Status: Signature verified.
- Serial: 0F6C6C76C237FDBD4775DF1EEC48E4E7
- Thumbprint: AC51E96E30DB8C8AB1657078805399F405626259
- Issuer: CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US
- Subject: CN=Evernote Corporation, O=Evernote Corporation, L=Redwood City, S=CA, C=US
File Metadata
- Original Filename: Evernote.exe
- Product Name: Evernote
- Company Name: Evernote Corp., 305 Walnut Street, Redwood City, CA 94063
- File Version: 6,25,1,9091
- Product Version: 6,25,1,9091
- Language: English (United States)
- Legal Copyright: Copyright 2020 Evernote Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/72
- VirusTotal Link: https://www.virustotal.com/gui/file/47f8271f2f6eaf39987dc966bb2d3ba22e6491de316a2860f4071ca56de8298a/detection/
Possible Misuse
The following table contains possible examples of Evernote.exe being misused. While Evernote.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License | 
|---|---|---|---|
| sigma | proc_creation_win_regedit_import_keys.yml | - Evernote | DRL 1.0 | 
| sigma | registry_event_office_vsto_persistence.yml | - '\regsvr32.exe' # e.g. default Evernote installation | DRL 1.0 | 
| malware-ioc | misp-dukes-operation-ghost-event.json | "value": "http://www.evernote.com/shard/s675/sh/6686ff4e-8896-499b-8cdb-a2bbf2cc4db9/fc7fbe66c820f17c30147235e95d31b8", | © ESET 2014-2018 | 
| malware-ioc | dukes | http://www.evernote[.]com/shard/s675/sh/6686ff4e-8896-499b-8cdb-a2bbf2cc4db9/fc7fbe66c820f17c30147235e95d31b8 | © ESET 2014-2018 | 
MIT License. Copyright (c) 2020-2021 Strontic.