SHA256: 2ef5c5ca4e513f69586edf09fcc9dc3450b499e8bc6185ee32949e6fc5dbbf4a
File name: xnsw.exe
Detection ratio: 1 / 61
Analysis date: 2017-05-13 18:45:49 UTC ( 2 weeks, 1 day ago )
Antivirus Result Update
Invincea virus.win32.parite.a 20170413
Ad-Aware 20170513
AegisLab 20170513
AhnLab-V3 20170513
Alibaba 20170513
ALYac 20170513
Antiy-AVL 20170513
Arcabit 20170513
Avast 20170513
AVG 20170513
Avira (no cloud) 20170513
AVware 20170513
Baidu 20170503
BitDefender 20170513
Bkav 20170513
CAT-QuickHeal 20170513
ClamAV 20170513
CMC 20170513
Comodo 20170513
CrowdStrike Falcon (ML) 20170130
Cyren 20170513
DrWeb 20170513
Emsisoft 20170513
Endgame 20170503
ESET-NOD32 20170513
F-Prot 20170513
F-Secure 20170513
Fortinet 20170513
GData 20170513
Ikarus 20170513
Jiangmin 20170513
K7AntiVirus 20170513
K7GW 20170513
Kaspersky 20170513
Kingsoft 20170513
Malwarebytes 20170513
McAfee 20170513
McAfee-GW-Edition 20170513
Microsoft 20170513
eScan 20170513
NANO-Antivirus 20170513
nProtect 20170513
Palo Alto Networks (Known Signatures) 20170513
Panda 20170513
Qihoo-360 20170513
Rising 20170513
SentinelOne (Static ML) 20170330
Sophos 20170513
SUPERAntiSpyware 20170513
Symantec 20170513
Symantec Mobile Insight 20170512
Tencent 20170513
TheHacker 20170508
TrendMicro 20170513
TrendMicro-HouseCall 20170513
Trustlook 20170513
VBA32 20170512
VIPRE 20170513
ViRobot 20170513
Webroot 20170513
WhiteArmor 20170512
Yandex 20170512
Zillya 20170511
ZoneAlarm by Check Point 20170513
Zoner 20170513
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © 2015 Dmitry Nikitin
Product XNote Stopwatch
Original name xnsw.exe
Internal name xnsw
File version 1, 69, 0, 5
Description Professional stopwatch, countdown timer and clock
Signature verification Signed file, verified signature
Signing date 5:28 PM 2/15/2017
Signers
[+] Dmitry Nikitin
Status Valid
Issuer StartCom Class 2 Object CA
Valid from 11:16 AM 9/23/2016
Valid to 11:16 AM 9/23/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint B332CE80E6434D3EE0B474D9A684F75F6B70D527
Serial number 3D 18 00 62 69 4F A5 FD D8 53 76 CB 14 0F 90 7F
[+] StartCom Class 2 Object CA
Status Valid
Issuer StartCom Certification Authority
Valid from 2:00 AM 12/16/2015
Valid to 2:00 AM 12/16/2030
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 1F6421C176CF03ED52CC37F21B587F166CEB828B
Serial number 6C 3B D2 7E DD 3C 94 9E 95 8E 28 A9 B3 C7 57 A0
[+] StartCom Certification Authority
Status Valid
Issuer StartCom Certification Authority
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
Counter signers
[+] StartCom Time Stamping Signer
Status Valid
Issuer StartCom Class 3 Primary Intermediate Object CA
Valid from 2:00 AM 12/28/2015
Valid to 2:00 AM 10/12/2022
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint CD78DC95DE34612F8893B35B2C71489A8B6002D1
Serial number 60 2B 71 7F 8B BA 95 76 CC 0B 59 C7 92 76 D4 82
[+] StartCom Class 3 Primary Intermediate Object CA
Status Valid
Issuer StartCom Certification Authority
Valid from 11:03 PM 10/14/2007
Valid to 11:03 PM 10/14/2022
Valid usage All
Algorithm sha256RSA
Thumbprint F960E82855F1C52C8B162DD93EDA220B3DFF1389
Serial number 1B 86 12 67 7A E1 9D
[+] StartCom Certification Authority
Status Valid
Issuer StartCom Certification Authority
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-15 16:12:54
Entry Point 0x00021E16
Number of sections 5
PE sections
Overlays
MD5 99629cbb0a757f9454ba623c0ef14df3
File type data
Offset 567808
Size 20560
Entropy 7.41
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ImageList_Create
InitCommonControlsEx
ImageList_Add
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
ChooseFontA
PlayEnhMetaFileRecord
DeleteEnhMetaFile
PatBlt
SaveDC
TextOutA
CreateFontIndirectA
GetObjectA
ExcludeClipRect
DeleteDC
RestoreDC
SetBkMode
BitBlt
CreateDIBSection
SetTextColor
GetDeviceCaps
GetStockObject
AddFontMemResourceEx
CreateEnhMetaFileA
CreateCompatibleDC
CloseEnhMetaFile
SetDCBrushColor
SelectObject
EnumEnhMetaFile
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
GetPrivateProfileStructA
FileTimeToSystemTime
GetOverlappedResult
WaitForSingleObject
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
ExpandEnvironmentStringsA
FreeEnvironmentStringsW
GetLocaleInfoW
WaitCommEvent
SetStdHandle
GetCommModemStatus
GetCPInfo
GetStringTypeA
WritePrivateProfileStructA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
InitializeCriticalSection
LoadResource
TlsGetValue
QueueUserWorkItem
OutputDebugStringA
SetLastError
GetUserDefaultLangID
Beep
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
RaiseException
EnumSystemLocalesA
GetPrivateProfileStringA
SetThreadPriority
GetUserDefaultLCID
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
WritePrivateProfileSectionA
FlushInstructionCache
RegisterWaitForSingleObject
CreateThread
GetPrivateProfileSectionA
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
ExitThread
SetPriorityClass
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetPrivateProfileIntA
SetCommMask
GlobalLock
GetProcessHeap
CompareStringW
lstrcmpA
CompareStringA
CreateFileMappingA
IsValidLocale
WaitForMultipleObjects
GetProcAddress
SetCommState
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GetCommState
CloseHandle
GetTimeFormatA
GetACP
GetModuleHandleW
GetDefaultCommConfigA
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
WriteConsoleW
FindResourceA
VirtualAlloc
ResetEvent
AccessibleObjectFromWindow
LoadRegTypeLib
VariantChangeType
SysStringLen
VarCmp
CreateErrorInfo
SysAllocStringLen
VarBstrCmp
VariantClear
SysAllocString
OleCreateFontIndirect
DispCallFunc
SetErrorInfo
LoadTypeLib
SysFreeString
GetErrorInfo
VariantInit
SHGetFolderPathAndSubDirA
ShellExecuteW
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteA
PathRemoveArgsA
PathRemoveExtensionA
PathAppendA
PathCombineA
PathQuoteSpacesA
ColorRGBToHLS
ColorAdjustLuma
ColorHLSToRGB
PathGetArgsA
PathUnquoteSpacesA
PathFindFileNameA
SHSetValueA
PathRenameExtensionA
StrTrimA
PathFileExistsA
RedrawWindow
GetForegroundWindow
DestroyMenu
PostQuitMessage
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
WindowFromPoint
GetDC
GetCursorPos
MapDialogRect
GetDlgCtrlID
UnregisterClassA
SendMessageA
GetClientRect
AllowSetForegroundWindow
CallNextHookEx
GetWindowTextLengthA
LoadImageA
GetWindowTextA
InvalidateRgn
RegisterClassExA
DestroyWindow
DrawEdge
GetParent
UpdateWindow
CheckRadioButton
GetClassInfoExA
ShowWindow
SetClassLongA
SetDlgItemInt
EnableWindow
SetWindowPlacement
GetDlgItemTextA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetDlgItemInt
LoadStringA
SetClipboardData
IsZoomed
GetWindowPlacement
EnableMenuItem
TrackPopupMenuEx
GetWindowLongA
CreateWindowExA
FillRect
CharNextA
GetSysColorBrush
GetUpdateRect
CreateAcceleratorTableA
IsChild
IsDialogMessageA
SetFocus
GetMessageA
SetCapture
BeginPaint
OffsetRect
KillTimer
GetMonitorInfoA
RegisterWindowMessageA
DefWindowProcA
CheckMenuRadioItem
MapWindowPoints
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
ReleaseCapture
SetWindowLongA
CheckDlgButton
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
SetTimer
GetDlgItem
CreateDialogParamA
BringWindowToTop
ClientToScreen
InsertMenuA
FindWindowExA
LoadCursorA
LoadIconA
SetWindowsHookExA
IsDlgButtonChecked
DestroyAcceleratorTable
GetDesktopWindow
GetSystemMenu
SetForegroundWindow
OpenClipboard
EmptyClipboard
ReleaseDC
SetLayeredWindowAttributes
EndDialog
LoadMenuA
ScreenToClient
MessageBeep
DrawTextExA
UnhookWindowsHookEx
SetDlgItemTextA
MoveWindow
MessageBoxA
GetWindowDC
DialogBoxParamA
GetSysColor
GetKeyState
SystemParametersInfoA
UpdateLayeredWindow
IsWindowVisible
MonitorFromWindow
DeleteMenu
InvalidateRect
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
mciSendCommandA
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
OleInitialize
CoInitializeEx
GetRunningObjectTable
CoCreateInstance
CLSIDFromProgID
OleLockRunning
BindMoniker
PropVariantClear
CoTaskMemAlloc
CLSIDFromString
StringFromGUID2
CoGetClassObject
Number of PE resources by type
RT_DIALOG 14
RT_BITMAP 7
RT_ICON 2
RT_MENU 2
CRYPTED 1
RT_MANIFEST 1
RT_GROUP_CURSOR 1
RT_FONT 1
RT_STRING 1
RT_FONTDIR 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH NEUTRAL 33
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.69.0.5
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 331264
EntryPoint 0x21e16
OriginalFileName xnsw.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2015 Dmitry Nikitin
FileVersion 1, 69, 0, 5
TimeStamp 2017:02:15 17:12:54+01:00
FileType Win32 EXE
PEType PE32
InternalName xnsw
ProductVersion 1, 69, 0, 5
FileDescription Professional stopwatch, countdown timer and clock
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName dnSoft Research Group
CodeSize 235520
ProductName XNote Stopwatch
ProductVersionNumber 1.69.0.5
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 da97fb7433c1247dfbaaae7b58d5e936
SHA1 e5b3956d00df8f2b3d4f4ff99c1025ee0ae1ba85
SHA256 2ef5c5ca4e513f69586edf09fcc9dc3450b499e8bc6185ee32949e6fc5dbbf4a
ssdeep 12288:oLQr0Bv7QNVtnfKClQL6eyItBH6pZBCED+V/gEne:oLU6sVtnfrlQL60tBHMAe
authentihash 9cd2dda106fc523b4063f1bdefd7949cbeffd4199696c03028b3154914e8ca3b
imphash 1d3c018502f53e0c7933542ca3fa0df3
File size 574.6 KB ( 588368 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-02-16 12:50:37 UTC ( 3 months, 1 week ago )
Last submission 2017-05-19 06:45:04 UTC ( 1 week, 2 days ago )
File names XNote Stopwatch.exe
xnsw.exe
xnsw
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications