SHA256: 0d0001d160a74242943f738b42d759105f1f1803d20c4dc430fe0e4bdaa42207
File name: xnsw.exe
Detection ratio: 0 / 66
Analysis date: 2017-11-13 06:45:03 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware 20171113
AegisLab 20171113
AhnLab-V3 20171112
Alibaba 20170911
Antiy-AVL 20171113
Arcabit 20171113
Avast 20171113
Avast-Mobile 20171112
AVG 20171113
Avira (no cloud) 20171112
Baidu 20171113
BitDefender 20171113
Bkav 20171111
CAT-QuickHeal 20171111
ClamAV 20171113
CMC 20171109
Comodo 20171113
CrowdStrike Falcon (ML) 20171016
Cybereason 20171030
Cylance 20171113
Cyren 20171113
DrWeb 20171113
eGambit 20171113
Emsisoft 20171113
Endgame 20171024
ESET-NOD32 20171113
F-Prot 20171113
F-Secure 20171113
Fortinet 20171113
GData 20171113
Ikarus 20171112
Sophos ML 20170914
Jiangmin 20171113
K7AntiVirus 20171113
K7GW 20171113
Kaspersky 20171113
Kingsoft 20171113
Malwarebytes 20171113
MAX 20171113
McAfee 20171113
McAfee-GW-Edition 20171113
Microsoft 20171113
eScan 20171113
NANO-Antivirus 20171113
nProtect 20171113
Palo Alto Networks (Known Signatures) 20171113
Panda 20171112
Qihoo-360 20171113
Rising 20171113
SentinelOne (Static ML) 20171019
Sophos AV 20171113
SUPERAntiSpyware 20171112
Symantec 20171112
Symantec Mobile Insight 20171110
Tencent 20171113
TheHacker 20171112
TotalDefense 20171113
TrendMicro 20171113
TrendMicro-HouseCall 20171113
Trustlook 20171113
VBA32 20171110
VIPRE 20171113
ViRobot 20171113
Webroot 20171113
WhiteArmor 20171104
Yandex 20171110
Zillya 20171110
ZoneAlarm by Check Point 20171113
Zoner 20171113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © 2015 Dmitry Nikitin
Product XNote Stopwatch
Original name xnsw.exe
Internal name xnsw
File version 1, 69, 0, 5
Description Professional stopwatch, countdown timer and clock
Signature verification Signed file, verified signature
Signing date 3:13 PM 8/15/2017
Signers
[+] Dmitry Nikitin
Status Valid
Issuer StartCom Class 2 Object CA
Valid from 11:16 AM 9/23/2016
Valid to 11:16 AM 9/23/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint B332CE80E6434D3EE0B474D9A684F75F6B70D527
Serial number 3D 18 00 62 69 4F A5 FD D8 53 76 CB 14 0F 90 7F
[+] StartCom Class 2 Object CA
Status Valid
Issuer StartCom Certification Authority
Valid from 2:00 AM 12/16/2015
Valid to 2:00 AM 12/16/2030
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 1F6421C176CF03ED52CC37F21B587F166CEB828B
Serial number 6C 3B D2 7E DD 3C 94 9E 95 8E 28 A9 B3 C7 57 A0
[+] StartCom Certification Authority
Status Valid
Issuer StartCom Certification Authority
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
Counter signers
[+] StartCom Time Stamping Signer
Status Valid
Issuer StartCom Class 3 Primary Intermediate Object CA
Valid from 2:00 AM 12/28/2015
Valid to 2:00 AM 10/12/2022
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint CD78DC95DE34612F8893B35B2C71489A8B6002D1
Serial number 60 2B 71 7F 8B BA 95 76 CC 0B 59 C7 92 76 D4 82
[+] StartCom Class 3 Primary Intermediate Object CA
Status Valid
Issuer StartCom Certification Authority
Valid from 11:03 PM 10/14/2007
Valid to 11:03 PM 10/14/2022
Valid usage All
Algorithm sha256RSA
Thumbprint F960E82855F1C52C8B162DD93EDA220B3DFF1389
Serial number 1B 86 12 67 7A E1 9D
[+] StartCom Certification Authority
Status Valid
Issuer StartCom Certification Authority
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-15 14:03:32
Entry Point 0x00021A66
Number of sections 5
PE sections
Overlays
MD5 35e5a4a13db95080f48cd6e9029de2ad
File type data
Offset 567808
Size 20560
Entropy 7.41
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ImageList_Create
InitCommonControlsEx
ImageList_Add
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
ChooseFontA
PlayEnhMetaFileRecord
DeleteEnhMetaFile
PatBlt
SaveDC
TextOutA
CreateFontIndirectA
GetObjectA
ExcludeClipRect
DeleteDC
RestoreDC
SetBkMode
BitBlt
CreateDIBSection
SetTextColor
GetDeviceCaps
GetStockObject
AddFontMemResourceEx
CreateEnhMetaFileA
CreateCompatibleDC
CloseEnhMetaFile
SetDCBrushColor
SelectObject
EnumEnhMetaFile
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
GetPrivateProfileStructA
FileTimeToSystemTime
GetOverlappedResult
WaitForSingleObject
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
ExpandEnvironmentStringsA
FreeEnvironmentStringsW
GetLocaleInfoW
WaitCommEvent
SetStdHandle
GetCommModemStatus
GetCPInfo
GetStringTypeA
WritePrivateProfileStructA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
InitializeCriticalSection
LoadResource
TlsGetValue
QueueUserWorkItem
OutputDebugStringA
SetLastError
GetUserDefaultLangID
Beep
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
RaiseException
EnumSystemLocalesA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
WritePrivateProfileSectionA
FlushInstructionCache
RegisterWaitForSingleObject
CreateThread
GetPrivateProfileSectionA
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
ExitThread
SetPriorityClass
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetPrivateProfileIntA
SetCommMask
GetUserDefaultLCID
GetProcessHeap
CompareStringW
lstrcmpA
InterlockedIncrement
CompareStringA
CreateFileMappingA
IsValidLocale
WaitForMultipleObjects
GlobalLock
SetCommState
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GetCommState
CloseHandle
GetTimeFormatA
GetACP
GetModuleHandleW
GetDefaultCommConfigA
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
WriteConsoleW
FindResourceA
VirtualAlloc
ResetEvent
AccessibleObjectFromWindow
LoadRegTypeLib
OleCreateFontIndirect
SysStringLen
VarCmp
CreateErrorInfo
SysAllocStringLen
VarBstrCmp
VariantClear
SysAllocString
DispCallFunc
SetErrorInfo
LoadTypeLib
SysFreeString
VariantChangeType
VariantInit
SHGetFolderPathAndSubDirA
ShellExecuteW
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteA
PathRemoveArgsA
PathRemoveExtensionA
PathAppendA
PathCombineA
PathQuoteSpacesA
ColorRGBToHLS
ColorAdjustLuma
ColorHLSToRGB
PathGetArgsA
PathUnquoteSpacesA
PathFindFileNameA
SHSetValueA
PathRenameExtensionA
StrTrimA
PathFileExistsA
RedrawWindow
GetForegroundWindow
DestroyMenu
PostQuitMessage
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
WindowFromPoint
GetDC
GetCursorPos
MapDialogRect
GetDlgCtrlID
UnregisterClassA
SendMessageA
GetClientRect
AllowSetForegroundWindow
CallNextHookEx
GetWindowTextLengthA
LoadImageA
GetWindowTextA
InvalidateRgn
RegisterClassExA
DestroyWindow
DrawEdge
GetParent
UpdateWindow
CheckRadioButton
GetClassInfoExA
ShowWindow
SetClassLongA
SetDlgItemInt
EnableWindow
SetWindowPlacement
GetDlgItemTextA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetDlgItemInt
LoadStringA
SetClipboardData
IsZoomed
GetWindowPlacement
EnableMenuItem
TrackPopupMenuEx
GetWindowLongA
CreateWindowExA
FillRect
CharNextA
GetSysColorBrush
GetUpdateRect
CreateAcceleratorTableA
IsChild
IsDialogMessageA
SetFocus
GetMessageA
SetCapture
BeginPaint
OffsetRect
KillTimer
GetMonitorInfoA
RegisterWindowMessageA
DefWindowProcA
CheckMenuRadioItem
MapWindowPoints
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
ReleaseCapture
SetWindowLongA
CheckDlgButton
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
SetTimer
GetDlgItem
CreateDialogParamA
BringWindowToTop
ClientToScreen
InsertMenuA
FindWindowExA
LoadCursorA
LoadIconA
SetWindowsHookExA
IsDlgButtonChecked
DestroyAcceleratorTable
GetDesktopWindow
GetSystemMenu
SetForegroundWindow
OpenClipboard
EmptyClipboard
ReleaseDC
SetLayeredWindowAttributes
EndDialog
LoadMenuA
ScreenToClient
MessageBeep
DrawTextExA
UnhookWindowsHookEx
SetDlgItemTextA
MoveWindow
MessageBoxA
GetWindowDC
DialogBoxParamA
GetSysColor
GetKeyState
SystemParametersInfoA
UpdateLayeredWindow
IsWindowVisible
MonitorFromWindow
DeleteMenu
InvalidateRect
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
mciSendCommandA
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
OleInitialize
CoInitializeEx
GetRunningObjectTable
CoCreateInstance
CLSIDFromProgID
OleLockRunning
BindMoniker
PropVariantClear
CoTaskMemAlloc
CLSIDFromString
StringFromGUID2
CoGetClassObject
Number of PE resources by type
RT_DIALOG 14
RT_BITMAP 7
RT_ICON 2
RT_MENU 2
CRYPTED 1
RT_FONT 1
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_STRING 1
RT_FONTDIR 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH NEUTRAL 33
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.69.0.5
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 332288
EntryPoint 0x21a66
OriginalFileName xnsw.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2015 Dmitry Nikitin
FileVersion 1, 69, 0, 5
TimeStamp 2017:08:15 15:03:32+01:00
FileType Win32 EXE
PEType PE32
InternalName xnsw
ProductVersion 1, 69, 0, 5
FileDescription Professional stopwatch, countdown timer and clock
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName dnSoft Research Group
CodeSize 234496
ProductName XNote Stopwatch
ProductVersionNumber 1.69.0.5
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 378661ae1331707c3e1d49165bc9d26e
SHA1 8ba72f5572f78f1c245d65514c7c8bef63f07e9a
SHA256 0d0001d160a74242943f738b42d759105f1f1803d20c4dc430fe0e4bdaa42207
ssdeep 12288:KAjno5gKPpzbgsLL6eyItBH6cmyIsZyr+VVLV:KenAxzbgsLL60tBHXmyZT
authentihash 886e97e20ee97d54bf86f3575478303d2146d31bdbc23a2865ae0d84ff6c6205
imphash 4f5cbb5254397df01c94cef6e2462492
File size 574.6 KB ( 588368 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2017-08-15 15:18:42 UTC ( 4 months ago )
Last submission 2017-12-11 12:45:48 UTC ( 3 days, 19 hours ago )
File names xnsw.exe
timer.exe
xnsw.exe
xnsw.exe
xnsw
xnsw.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications