SHA256: 2ef5c5ca4e513f69586edf09fcc9dc3450b499e8bc6185ee32949e6fc5dbbf4a
File name: xnsw.exe
Detection ratio: 0 / 59
Analysis date: 2017-06-14 20:29:48 UTC (4 months ago)
Antivirus Result Update
Ad-Aware 20170614
AegisLab 20170614
AhnLab-V3 20170614
Alibaba 20170614
Antiy-AVL 20170614
Arcabit 20170614
Avast 20170614
AVG 20170614
Avira (no cloud) 20170614
AVware 20170614
Baidu 20170613
BitDefender 20170614
Bkav 20170614
CAT-QuickHeal 20170614
ClamAV 20170614
CMC 20170614
CrowdStrike Falcon (ML) 20170420
Cyren 20170614
DrWeb 20170614
Emsisoft 20170614
Endgame 20170614
ESET-NOD32 20170614
F-Prot 20170614
F-Secure 20170614
Fortinet 20170614
GData 20170614
Ikarus 20170614
Sophos ML 20170607
Jiangmin 20170614
K7AntiVirus 20170614
K7GW 20170614
Kaspersky 20170614
Kingsoft 20170614
Malwarebytes 20170614
McAfee 20170614
McAfee-GW-Edition 20170614
Microsoft 20170614
eScan 20170614
NANO-Antivirus 20170614
nProtect 20170614
Palo Alto Networks (Known Signatures) 20170614
Panda 20170614
Qihoo-360 20170614
Rising 20170613
SentinelOne (Static ML) 20170516
Sophos AV 20170614
SUPERAntiSpyware 20170614
Symantec 20170614
Symantec Mobile Insight 20170614
Tencent 20170614
TheHacker 20170612
TotalDefense 20170614
TrendMicro 20170614
TrendMicro-HouseCall 20170614
Trustlook 20170614
VBA32 20170614
VIPRE 20170614
ViRobot 20170614
WhiteArmor 20170614
Yandex 20170614
Zillya 20170614
ZoneAlarm by Check Point 20170614
Zoner 20170614
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © 2015 Dmitry Nikitin

Product XNote Stopwatch
Original name xnsw.exe
Internal name xnsw
File version 1, 69, 0, 5
Description Professional stopwatch, countdown timer and clock
Signature verification Signed file, verified signature
Signing date 5:28 PM 2/15/2017
Signers
[+] Dmitry Nikitin
Status Valid
Issuer StartCom Class 2 Object CA
Valid from 11:16 AM 9/23/2016
Valid to 11:16 AM 9/23/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint B332CE80E6434D3EE0B474D9A684F75F6B70D527
Serial number 3D 18 00 62 69 4F A5 FD D8 53 76 CB 14 0F 90 7F
[+] StartCom Class 2 Object CA
Status Valid
Issuer StartCom Certification Authority
Valid from 2:00 AM 12/16/2015
Valid to 2:00 AM 12/16/2030
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 1F6421C176CF03ED52CC37F21B587F166CEB828B
Serial number 6C 3B D2 7E DD 3C 94 9E 95 8E 28 A9 B3 C7 57 A0
[+] StartCom Certification Authority
Status Valid
Issuer StartCom Certification Authority
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
Counter signers
[+] StartCom Time Stamping Signer
Status Valid
Issuer StartCom Class 3 Primary Intermediate Object CA
Valid from 2:00 AM 12/28/2015
Valid to 2:00 AM 10/12/2022
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint CD78DC95DE34612F8893B35B2C71489A8B6002D1
Serial number 60 2B 71 7F 8B BA 95 76 CC 0B 59 C7 92 76 D4 82
[+] StartCom Class 3 Primary Intermediate Object CA
Status Valid
Issuer StartCom Certification Authority
Valid from 11:03 PM 10/14/2007
Valid to 11:03 PM 10/14/2022
Valid usage All
Algorithm sha256RSA
Thumbprint F960E82855F1C52C8B162DD93EDA220B3DFF1389
Serial number 1B 86 12 67 7A E1 9D
[+] StartCom Certification Authority
Status Valid
Issuer StartCom Certification Authority
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-15 16:12:54
Entry Point 0x00021E16
Number of sections 5
PE sections
Overlays
MD5 99629cbb0a757f9454ba623c0ef14df3
File type data
Offset 567808
Size 20560
Entropy 7.41
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ImageList_Create
InitCommonControlsEx
ImageList_Add
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
ChooseFontA
PlayEnhMetaFileRecord
DeleteEnhMetaFile
PatBlt
SaveDC
TextOutA
CreateFontIndirectA
GetObjectA
ExcludeClipRect
DeleteDC
RestoreDC
SetBkMode
BitBlt
CreateDIBSection
SetTextColor
GetDeviceCaps
GetStockObject
AddFontMemResourceEx
CreateEnhMetaFileA
CreateCompatibleDC
CloseEnhMetaFile
SetDCBrushColor
SelectObject
EnumEnhMetaFile
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
GetPrivateProfileStructA
FileTimeToSystemTime
GetOverlappedResult
WaitForSingleObject
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
ExpandEnvironmentStringsA
FreeEnvironmentStringsW
GetLocaleInfoW
WaitCommEvent
SetStdHandle
GetCommModemStatus
GetCPInfo
GetStringTypeA
WritePrivateProfileStructA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
InitializeCriticalSection
LoadResource
TlsGetValue
QueueUserWorkItem
OutputDebugStringA
SetLastError
GetUserDefaultLangID
Beep
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
RaiseException
EnumSystemLocalesA
GetPrivateProfileStringA
SetThreadPriority
GetUserDefaultLCID
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
WritePrivateProfileSectionA
FlushInstructionCache
RegisterWaitForSingleObject
CreateThread
GetPrivateProfileSectionA
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
ExitThread
SetPriorityClass
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetPrivateProfileIntA
SetCommMask
GlobalLock
GetProcessHeap
CompareStringW
lstrcmpA
CompareStringA
CreateFileMappingA
IsValidLocale
WaitForMultipleObjects
GetProcAddress
SetCommState
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GetCommState
CloseHandle
GetTimeFormatA
GetACP
GetModuleHandleW
GetDefaultCommConfigA
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
WriteConsoleW
FindResourceA
VirtualAlloc
ResetEvent
AccessibleObjectFromWindow
LoadRegTypeLib
VariantChangeType
SysStringLen
VarCmp
CreateErrorInfo
SysAllocStringLen
VarBstrCmp
VariantClear
SysAllocString
OleCreateFontIndirect
DispCallFunc
SetErrorInfo
LoadTypeLib
SysFreeString
GetErrorInfo
VariantInit
SHGetFolderPathAndSubDirA
ShellExecuteW
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteA
PathRemoveArgsA
PathRemoveExtensionA
PathAppendA
PathCombineA
PathQuoteSpacesA
ColorRGBToHLS
ColorAdjustLuma
ColorHLSToRGB
PathGetArgsA
PathUnquoteSpacesA
PathFindFileNameA
SHSetValueA
PathRenameExtensionA
StrTrimA
PathFileExistsA
RedrawWindow
GetForegroundWindow
DestroyMenu
PostQuitMessage
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
WindowFromPoint
GetDC
GetCursorPos
MapDialogRect
GetDlgCtrlID
UnregisterClassA
SendMessageA
GetClientRect
AllowSetForegroundWindow
CallNextHookEx
GetWindowTextLengthA
LoadImageA
GetWindowTextA
InvalidateRgn
RegisterClassExA
DestroyWindow
DrawEdge
GetParent
UpdateWindow
CheckRadioButton
GetClassInfoExA
ShowWindow
SetClassLongA
SetDlgItemInt
EnableWindow
SetWindowPlacement
GetDlgItemTextA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetDlgItemInt
LoadStringA
SetClipboardData
IsZoomed
GetWindowPlacement
EnableMenuItem
TrackPopupMenuEx
GetWindowLongA
CreateWindowExA
FillRect
CharNextA
GetSysColorBrush
GetUpdateRect
CreateAcceleratorTableA
IsChild
IsDialogMessageA
SetFocus
GetMessageA
SetCapture
BeginPaint
OffsetRect
KillTimer
GetMonitorInfoA
RegisterWindowMessageA
DefWindowProcA
CheckMenuRadioItem
MapWindowPoints
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
ReleaseCapture
SetWindowLongA
CheckDlgButton
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
SetTimer
GetDlgItem
CreateDialogParamA
BringWindowToTop
ClientToScreen
InsertMenuA
FindWindowExA
LoadCursorA
LoadIconA
SetWindowsHookExA
IsDlgButtonChecked
DestroyAcceleratorTable
GetDesktopWindow
GetSystemMenu
SetForegroundWindow
OpenClipboard
EmptyClipboard
ReleaseDC
SetLayeredWindowAttributes
EndDialog
LoadMenuA
ScreenToClient
MessageBeep
DrawTextExA
UnhookWindowsHookEx
SetDlgItemTextA
MoveWindow
MessageBoxA
GetWindowDC
DialogBoxParamA
GetSysColor
GetKeyState
SystemParametersInfoA
UpdateLayeredWindow
IsWindowVisible
MonitorFromWindow
DeleteMenu
InvalidateRect
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
mciSendCommandA
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
OleInitialize
CoInitializeEx
GetRunningObjectTable
CoCreateInstance
CLSIDFromProgID
OleLockRunning
BindMoniker
PropVariantClear
CoTaskMemAlloc
CLSIDFromString
StringFromGUID2
CoGetClassObject
Number of PE resources by type
RT_DIALOG 14
RT_BITMAP 7
RT_ICON 2
RT_MENU 2
CRYPTED 1
RT_FONT 1
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_STRING 1
RT_FONTDIR 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH NEUTRAL 33
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 331264
ImageVersion 0.0
ProductName XNote Stopwatch
FileVersionNumber 1.69.0.5
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x0017
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName xnsw.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 69, 0, 5
TimeStamp 2017:02:15 17:12:54+01:00
FileType Win32 EXE
PEType PE32
InternalName xnsw
ProductVersion 1, 69, 0, 5
FileDescription Professional stopwatch, countdown timer and clock
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright 2015 Dmitry Nikitin
MachineType Intel 386 or later, and compatibles
CompanyName dnSoft Research Group
CodeSize 235520
FileSubtype 0
ProductVersionNumber 1.69.0.5
EntryPoint 0x21e16
ObjectFileType Executable application

Compressed bundles
File identification
MD5 da97fb7433c1247dfbaaae7b58d5e936
SHA1 e5b3956d00df8f2b3d4f4ff99c1025ee0ae1ba85
SHA256 2ef5c5ca4e513f69586edf09fcc9dc3450b499e8bc6185ee32949e6fc5dbbf4a
ssdeep 12288:oLQr0Bv7QNVtnfKClQL6eyItBH6pZBCED+V/gEne:oLU6sVtnfrlQL60tBHMAe

authentihash 9cd2dda106fc523b4063f1bdefd7949cbeffd4199696c03028b3154914e8ca3b
imphash 1d3c018502f53e0c7933542ca3fa0df3
File size 574.6 KB ( 588368 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-02-16 12:50:37 UTC ( 8 months ago )
Last submission 2017-07-18 15:37:19 UTC ( 3 months ago )
File names XNote Stopwatch.exe
xnsw.exe
xnsw
STOP WATCH.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications