» Notes.exe
Overview
Analysis
File Details
Behaviors (1)

Notes.exe

Power Notes

Maxim Emelyashin (pw-soft.com)

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Power Notes’.

File name:

Notes.exe

Publisher:

Power Soft (signed by Maxim Emelyashin (pw-soft.com))

Product:

Power Notes

Description:

Desktop notes reminder and organizer Power Notes

Version:

3.55.1.3750

MD5:

4b9b67dcbb29223d783074d8a4dafa89

SHA-1:

28b103244cf3f74ddb34fa1bfe065ed068ccf891

SHA-256:

3682f026b5309064546ee9dca87ac7f72277a2124b025025326cce21ebd4c5b2

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 4:34:01 AM UTC (today)

File size:

4.5 MB (4,684,624 bytes)

Product version:

3.55.1.3750

Original file name:

Notes.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\power soft\power notes\notes.exe

Digital Signature

Signed by:

Maxim Emelyashin (pw-soft.com)

Authority:

The USERTRUST Network

Valid from:

1/18/2010 4:00:00 PM

Valid to:

1/19/2012 3:59:59 PM

Subject:

CN=Maxim Emelyashin (pw-soft.com), O=Maxim Emelyashin (pw-soft.com), STREET=Krupskoi 1B-60, L=Krasnoyarsk, S=NA, PostalCode=660062, C=RU

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

5305A7E2FFFABD627439D02215DB04FC

File PE Metadata

Compilation timestamp:

1/23/2011 6:56:02 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.0

CTPH (ssdeep):

98304:btIJxnsjCqxWSxlMfD45OgVXIilsM17V6A7HISNxwXZe0oEdPoq6iFm+j65ACEi8:u2jCqxWSxlMfD45OgVXIilsM17V6A7HI

Entry address:

0x17F4

Entry point:

EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, AC, B0, 6A, 00, A1, 9F, B0, 6A, 00, C1, E0, 02, A3, A3, B0, 6A, 00, 52, 6A, 00, E8, 41, 84, 2A, 00, 8B, D0, E8, BE, 7E, 29, 00, 5A, E8, FC, 7D, 29, 00, E8, 0F, 80, 29, 00, 6A, 00, E8, B0, 9A, 29, 00, 59, 68, 48, B0, 6A, 00, 6A, 00, E8, 1B, 84, 2A, 00, A3, A7, B0, 6A, 00, 6A, 00, E9, 1B, 3E, 2A, 00, E9, E2, 9A, 29, 00, 33, C0, A0, 91, B0, 6A, 00, C3, A1, A7, B0, 6A, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, EC, 00, 00, 00, 0B, C9... 
[+]

Entropy:

6.7018

Code size:

2.7 MB (2,793,472 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Power Notes

Command:

"C:\Program Files\power soft\power notes\notes.exe"

Scan Notes.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.