SHA256: ff9a137912f15e929dbcba671d171f7183d43c470e91571df89416fb22e208bc
File name: xntimer.exe
Detection ratio: 0 / 56
Analysis date: 2016-10-16 21:56:52 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Ad-Aware 20161016
AegisLab 20161016
AhnLab-V3 20161016
Alibaba 20161014
ALYac 20161016
Antiy-AVL 20161016
Arcabit 20161016
Avast 20161016
AVG 20161016
Avira (no cloud) 20161016
AVware 20161016
Baidu 20161015
BitDefender 20161016
Bkav 20161015
CAT-QuickHeal 20161015
ClamAV 20161016
CMC 20161016
Comodo 20161016
CrowdStrike Falcon (ML) 20160725
Cyren 20161016
DrWeb 20161016
Emsisoft 20161016
ESET-NOD32 20161016
F-Prot 20161016
F-Secure 20161016
Fortinet 20161016
GData 20161016
Ikarus 20161016
Sophos ML 20160928
Jiangmin 20161016
K7AntiVirus 20161016
K7GW 20161016
Kaspersky 20161016
Kingsoft 20161016
Malwarebytes 20161016
McAfee 20161016
McAfee-GW-Edition 20161016
Microsoft 20161016
eScan 20161016
NANO-Antivirus 20161016
nProtect 20161016
Panda 20161016
Qihoo-360 20161016
Rising 20161016
Sophos AV 20161016
SUPERAntiSpyware 20161016
Symantec 20161016
Tencent 20161016
TheHacker 20161016
TrendMicro 20161016
TrendMicro-HouseCall 20161016
VBA32 20161014
VIPRE 20161016
ViRobot 20161016
Yandex 20161016
Zillya 20161016
Zoner 20161016
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2014 Dmitry Nikitin

Product XNote Timer
Original name xntimer.exe
Internal name xntimer
File version 1, 12, 0, 0
Description Free timer and stopwatch
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-16 14:43:37
Entry Point 0x00014E86
Number of sections 5
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CreateToolbarEx
InitCommonControlsEx
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
ChooseFontA
PlayEnhMetaFileRecord
DeleteEnhMetaFile
SaveDC
TextOutA
CreateFontIndirectA
GetDeviceCaps
ExcludeClipRect
DeleteDC
RestoreDC
SetBkMode
BitBlt
CreateDIBSection
SetTextColor
GetObjectA
GetStockObject
AddFontMemResourceEx
CreateEnhMetaFileA
CreateCompatibleDC
CloseEnhMetaFile
SelectObject
EnumEnhMetaFile
GetTextColor
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
GetOverlappedResult
WaitForSingleObject
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
ExpandEnvironmentStringsA
FreeEnvironmentStringsW
WaitCommEvent
SetStdHandle
GetCommModemStatus
GetCPInfo
GetStringTypeA
WritePrivateProfileStructA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
SetLastError
GetUserDefaultLangID
Beep
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
WritePrivateProfileSectionA
FlushInstructionCache
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
ExitThread
SetPriorityClass
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
SetCommMask
GlobalLock
GetProcessHeap
lstrcmpA
FindFirstFileA
GetTimeFormatA
CreateFileMappingA
FindNextFileA
WaitForMultipleObjects
GetProcAddress
SetCommState
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GetCommState
CloseHandle
GetACP
GetModuleHandleW
GetDefaultCommConfigA
SizeofResource
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
LoadRegTypeLib
OleCreateFontIndirect
SysStringLen
VarCmp
SysAllocStringLen
DispCallFunc
VariantClear
SysAllocString
VarBstrCmp
LoadTypeLib
SysFreeString
VariantInit
ShellExecuteExA
Shell_NotifyIconA
ShellExecuteA
SHGetFolderPathA
PathRemoveArgsA
PathCombineA
PathAppendA
PathQuoteSpacesA
PathRemoveExtensionA
ColorAdjustLuma
ColorHLSToRGB
PathGetArgsA
PathUnquoteSpacesA
PathFindFileNameA
PathRenameExtensionA
ColorRGBToHLS
StrTrimA
PathFileExistsA
RedrawWindow
DestroyMenu
PostQuitMessage
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
WindowFromPoint
GetMessageTime
GetDC
GetCursorPos
MapDialogRect
GetDlgCtrlID
UnregisterClassA
SendMessageA
GetClientRect
CallNextHookEx
GetWindowTextLengthA
LoadImageA
GetWindowTextA
InvalidateRgn
RegisterClassExA
DestroyWindow
DrawEdge
GetParent
UpdateWindow
CheckRadioButton
GetClassInfoExA
ShowWindow
SetClassLongA
SetDlgItemInt
EnableWindow
SetWindowPlacement
GetDlgItemTextA
TranslateMessage
GetWindow
CharUpperA
GetDlgItemInt
LoadStringA
SetClipboardData
IsZoomed
GetWindowPlacement
IsIconic
InvertRect
TrackPopupMenuEx
GetSubMenu
CreateWindowExA
FillRect
CharNextA
GetSysColorBrush
GetUpdateRect
CreateAcceleratorTableA
IsChild
IsDialogMessageA
MapWindowPoints
GetMessageA
SetCapture
BeginPaint
OffsetRect
SetFocus
KillTimer
GetMonitorInfoA
RegisterWindowMessageA
DefWindowProcA
CheckMenuRadioItem
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
PostMessageA
ReleaseCapture
SetWindowLongA
CheckDlgButton
SetWindowTextA
CheckMenuItem
GetWindowLongA
GetLastActivePopup
SetTimer
GetDlgItem
CreateDialogParamA
BringWindowToTop
ClientToScreen
InsertMenuA
FindWindowExA
LoadCursorA
LoadIconA
SetWindowsHookExA
IsDlgButtonChecked
DestroyAcceleratorTable
GetDesktopWindow
GetSystemMenu
SetForegroundWindow
OpenClipboard
EmptyClipboard
ReleaseDC
SetLayeredWindowAttributes
EndDialog
LoadMenuA
ScreenToClient
DrawTextExA
UnhookWindowsHookEx
SetDlgItemTextA
MoveWindow
MessageBoxA
GetWindowDC
DialogBoxParamA
GetSysColor
GetKeyState
SystemParametersInfoA
UpdateLayeredWindow
MonitorFromWindow
InvalidateRect
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
mciSendCommandA
timeEndPeriod
timeGetTime
timeBeginPeriod
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
OleInitialize
CoCreateInstance
OleUninitialize
CoTaskMemAlloc
CLSIDFromString
StringFromGUID2
CoGetClassObject
Number of PE resources by type
RT_DIALOG 11
RT_BITMAP 3
RT_ICON 2
RT_FONT 1
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_FONTDIR 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH NEUTRAL 24
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
167936

ImageVersion
0.0

ProductName
XNote Timer

FileVersionNumber
1.12.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x0017

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
exe

OriginalFileName
xntimer.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1, 12, 0, 0

TimeStamp
2014:09:16 15:43:37+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
xntimer

ProductVersion
1, 12, 0, 0

FileDescription
Free timer and stopwatch

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright 2014 Dmitry Nikitin

MachineType
Intel 386 or later, and compatibles

CompanyName
dnSoft Research Group

CodeSize
156160

FileSubtype
0

ProductVersionNumber
1.12.0.0

EntryPoint
0x14e86

ObjectFileType
Executable application

CarbonBlack
CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
File identification
MD5 b50e11cb08292a5f1d6c3bf464585065
SHA1 b5302df506a747f3c2fbc894a5c79a65c39e01b3
SHA256 ff9a137912f15e929dbcba671d171f7183d43c470e91571df89416fb22e208bc
ssdeep
3072:eeptk+5oO1Q+nKOvdEK2BBGQjVN2AdY+G7B4SbhJRDUCQC+FX5nrMmX+RnJL9+F:eepWGDQ+njW50AdsiSbBDU9JnZIp+

authentihash 7bd5b2eef3d74a5e8e6b64b4dcb889ac7db70115c718d0afc2ccddd36749fb35
imphash 43e8402e841d633a8de428b2dde2e863
File size 317.5 KB ( 325120 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2014-09-16 18:32:48 UTC ( 3 years, 2 months ago )
Last submission 2017-03-26 04:31:20 UTC ( 8 months ago )
File names dh bấm giờ.exe
xntimer.exe
xntimer[2].exe
b5302df506a747f3c2fbc894a5c79a65c39e01b3.exe
xntimer
unconfirmed 608531.crdownload
FF9A137912F15E929DBCBA671D171F7183D43C470E91571DF89416FB22E208BC
Excellent (No Install) Countdown Timer - xntimer.exe
xntimer (1).exe
xnote-timer_112.exe
550229
B50E11CB08292A5F1D6C3BF464585065.exe
xntimer1.12 light edition - Copy.exe
xntimer1.12.exe
xntimer[1].exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications