SHA256: ada08b8bbed9fad9d3dbed201074d3b4c27db1525427b4583a64695e287e3f46
File name: ada08b8bbed9fad9d3dbed201074d3b4c27db1525427b4583a64695e287e3f46.bin
Detection ratio: 0 / 66
Analysis date: 2018-05-15 09:52:01 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20180515
AegisLab 20180515
AhnLab-V3 20180515
Alibaba 20180515
ALYac 20180515
Antiy-AVL 20180515
Arcabit 20180515
Avast 20180515
Avast-Mobile 20180514
AVG 20180515
Avira (no cloud) 20180515
AVware 20180428
Babable 20180406
Baidu 20180511
BitDefender 20180515
Bkav 20180515
CAT-QuickHeal 20180515
ClamAV 20180515
CMC 20180515
Comodo 20180515
CrowdStrike Falcon (ML) 20180418
Cybereason None
Cyren 20180515
eGambit 20180515
Emsisoft 20180515
Endgame 20180507
ESET-NOD32 20180515
F-Prot 20180515
F-Secure 20180515
Fortinet 20180515
GData 20180515
Ikarus 20180515
Sophos ML 20180503
Jiangmin 20180515
K7AntiVirus 20180515
K7GW 20180515
Kaspersky 20180515
Kingsoft 20180515
Malwarebytes 20180515
MAX 20180515
McAfee 20180515
McAfee-GW-Edition 20180515
Microsoft 20180515
eScan 20180515
NANO-Antivirus 20180515
nProtect 20180515
Palo Alto Networks (Known Signatures) 20180515
Panda 20180514
Qihoo-360 20180515
Rising 20180515
SentinelOne (Static ML) 20180225
Sophos AV 20180515
SUPERAntiSpyware 20180515
Symantec 20180514
Symantec Mobile Insight 20180515
Tencent 20180515
TheHacker 20180509
TotalDefense 20180515
TrendMicro 20180515
TrendMicro-HouseCall 20180515
Trustlook 20180515
VBA32 20180514
VIPRE 20180515
ViRobot 20180515
Webroot 20180515
Yandex 20180513
Zillya 20180514
ZoneAlarm by Check Point 20180515
Zoner 20180514
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2018 Dmitry Nikitin

Product XNote Stopwatch
Original name xnsw.exe
Internal name xnsw
File version 1, 69, 0, 6
Description Professional stopwatch, countdown timer and clock
Signature verification Signed file, verified signature
Signing date 5:03 PM 4/30/2018
Signers
[+] Dmitry Nikitin
Status Valid
Issuer StartCom Class 2 Object CA
Valid from 11:16 AM 9/23/2016
Valid to 11:16 AM 9/23/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint B332CE80E6434D3EE0B474D9A684F75F6B70D527
Serial number 3D 18 00 62 69 4F A5 FD D8 53 76 CB 14 0F 90 7F
[+] StartCom Class 2 Object CA
Status Valid
Issuer StartCom Certification Authority
Valid from 2:00 AM 12/16/2015
Valid to 2:00 AM 12/16/2030
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 1F6421C176CF03ED52CC37F21B587F166CEB828B
Serial number 6C 3B D2 7E DD 3C 94 9E 95 8E 28 A9 B3 C7 57 A0
[+] StartCom Certification Authority
Status Valid
Issuer StartCom Certification Authority
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
Counter signers
[+] WoSign Time Stamping Signer
Status Valid
Issuer Certification Authority of WoSign
Valid from 2:00 AM 8/8/2009
Valid to 2:00 AM 8/8/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 5409B56C89BB1A881DE1A32C950D40FD6B94C74E
Serial number 25 1F 5D 98 81 82 17 2E 3C 41 9E 01 4F B0 40 4C
[+] WoSign
Status Valid
Issuer Certification Authority of WoSign
Valid from 2:00 AM 8/8/2009
Valid to 2:00 AM 8/8/2039
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint B94294BF91EA8FB64BE61097C7FB001359B676CB
Serial number 5E 68 D6 11 71 94 63 50 56 00 68 F3 3E C9 C5 91
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-30 15:58:57
Entry Point 0x00021A56
Number of sections 5
PE sections
Overlays
MD5 928bc7ab1c2be9dd2e431baece7c0708
File type data
Offset 569856
Size 20352
Entropy 7.54
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ImageList_Create
InitCommonControlsEx
ImageList_Add
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
ChooseFontA
PlayEnhMetaFileRecord
DeleteEnhMetaFile
PatBlt
SaveDC
TextOutA
CreateFontIndirectA
GetObjectA
ExcludeClipRect
DeleteDC
RestoreDC
SetBkMode
BitBlt
CreateDIBSection
SetTextColor
GetDeviceCaps
GetStockObject
AddFontMemResourceEx
CreateEnhMetaFileA
CreateCompatibleDC
CloseEnhMetaFile
SetDCBrushColor
SelectObject
EnumEnhMetaFile
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
GetPrivateProfileStructA
FileTimeToSystemTime
GetOverlappedResult
WaitForSingleObject
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
ExpandEnvironmentStringsA
FreeEnvironmentStringsW
GetLocaleInfoW
WaitCommEvent
SetStdHandle
GetCommModemStatus
GetCPInfo
GetStringTypeA
WritePrivateProfileStructA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
InitializeCriticalSection
LoadResource
TlsGetValue
QueueUserWorkItem
OutputDebugStringA
SetLastError
GetUserDefaultLangID
Beep
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
RaiseException
EnumSystemLocalesA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
WritePrivateProfileSectionA
FlushInstructionCache
RegisterWaitForSingleObject
CreateThread
GetPrivateProfileSectionA
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
ExitThread
SetPriorityClass
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetPrivateProfileIntA
SetCommMask
GetUserDefaultLCID
GetProcessHeap
CompareStringW
lstrcmpA
InterlockedIncrement
CompareStringA
CreateFileMappingA
IsValidLocale
WaitForMultipleObjects
GlobalLock
SetCommState
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GetCommState
CloseHandle
GetTimeFormatA
GetACP
GetModuleHandleW
GetDefaultCommConfigA
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
WriteConsoleW
FindResourceA
VirtualAlloc
ResetEvent
AccessibleObjectFromWindow
LoadRegTypeLib
OleCreateFontIndirect
SysStringLen
VarCmp
CreateErrorInfo
SysAllocStringLen
VarBstrCmp
VariantClear
SysAllocString
DispCallFunc
SetErrorInfo
LoadTypeLib
SysFreeString
VariantChangeType
VariantInit
SHGetFolderPathAndSubDirA
ShellExecuteW
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteA
PathRemoveArgsA
PathRemoveExtensionA
PathAppendA
PathCombineA
PathQuoteSpacesA
ColorRGBToHLS
ColorAdjustLuma
ColorHLSToRGB
PathGetArgsA
PathUnquoteSpacesA
PathFindFileNameA
SHSetValueA
PathRenameExtensionA
StrTrimA
PathFileExistsA
RedrawWindow
GetForegroundWindow
DestroyMenu
PostQuitMessage
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
WindowFromPoint
GetDC
GetCursorPos
MapDialogRect
GetDlgCtrlID
UnregisterClassA
SendMessageA
GetClientRect
AllowSetForegroundWindow
CallNextHookEx
GetWindowTextLengthA
LoadImageA
GetWindowTextA
InvalidateRgn
RegisterClassExA
DestroyWindow
DrawEdge
GetParent
UpdateWindow
CheckRadioButton
GetClassInfoExA
ShowWindow
SetClassLongA
SetDlgItemInt
EnableWindow
SetWindowPlacement
GetDlgItemTextA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetDlgItemInt
LoadStringA
SetClipboardData
IsZoomed
GetWindowPlacement
IsIconic
TrackPopupMenuEx
GetWindowLongA
CreateWindowExA
FillRect
CharNextA
GetSysColorBrush
GetUpdateRect
CreateAcceleratorTableA
IsChild
IsDialogMessageA
SetFocus
GetMessageA
SetCapture
BeginPaint
OffsetRect
KillTimer
GetMonitorInfoA
RegisterWindowMessageA
DefWindowProcA
CheckMenuRadioItem
MapWindowPoints
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
PostMessageA
ReleaseCapture
SetWindowLongA
CheckDlgButton
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
SetTimer
GetDlgItem
CreateDialogParamA
BringWindowToTop
ClientToScreen
InsertMenuA
FindWindowExA
LoadCursorA
LoadIconA
SetWindowsHookExA
IsDlgButtonChecked
DestroyAcceleratorTable
GetDesktopWindow
GetSystemMenu
SetForegroundWindow
OpenClipboard
EmptyClipboard
ReleaseDC
SetLayeredWindowAttributes
EndDialog
LoadMenuA
ScreenToClient
MessageBeep
DrawTextExA
UnhookWindowsHookEx
SetDlgItemTextA
MoveWindow
MessageBoxA
GetWindowDC
DialogBoxParamA
GetSysColor
GetKeyState
SystemParametersInfoA
UpdateLayeredWindow
IsWindowVisible
MonitorFromWindow
DeleteMenu
InvalidateRect
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
mciSendCommandA
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
OleInitialize
CoInitializeEx
GetRunningObjectTable
CoCreateInstance
CLSIDFromProgID
OleLockRunning
BindMoniker
PropVariantClear
CoTaskMemAlloc
CLSIDFromString
StringFromGUID2
CoGetClassObject
Number of PE resources by type
RT_DIALOG 14
RT_BITMAP 7
RT_ICON 2
RT_MENU 2
CRYPTED 1
RT_FONT 1
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_STRING 1
RT_FONTDIR 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH NEUTRAL 33
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.69.0.6

LanguageCode
Neutral

FileFlagsMask
0x0017

FileDescription
Professional stopwatch, countdown timer and clock

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
334336

EntryPoint
0x21a56

OriginalFileName
xnsw.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2018 Dmitry Nikitin

FileVersion
1, 69, 0, 6

TimeStamp
2018:04:30 16:58:57+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
xnsw

ProductVersion
1, 69, 0, 6

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
dnSoft Research Group

CodeSize
234496

ProductName
XNote Stopwatch

ProductVersionNumber
1.69.0.6

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 afc9a03e4ce6c3e3032fbe6fc7b49aa8
SHA1 215ea99970f74ace5c0366f4607f2e991ec95fd6
SHA256 ada08b8bbed9fad9d3dbed201074d3b4c27db1525427b4583a64695e287e3f46
ssdeep
6144:2mzdgmkOcQXbhw4Rhu3Ivh1VWpu40N8PSO3eyIj1jYbaH6jcN986Tn+VtBDomuJ:HdgIXlw4RCIvh1VWeL6eyItBH60dT+V

authentihash 733bacdf341586d331fd493c952ffb341ccfd03087a213e14469b9cb6770b423
imphash 2693b92e3f2dac197e1c94aa157c36ba
File size 576.4 KB ( 590208 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-05-01 08:23:50 UTC ( 4 months, 3 weeks ago )
Last submission 2018-08-28 08:36:22 UTC ( 3 weeks, 2 days ago )
File names Mega.exe
xnsw.exe
xnsw.exe
xnsw.exe
ada08b8bbed9fad9d3dbed201074d3b4c27db1525427b4583a64695e287e3f46.bin
xnsw.exe
xnsw
Mega.exe
xnsw.exe
xnsw.exe
xnsw.exe
xnsw.exe
Armor.exe
xnsw.exe
xnsw.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs