» xdeskshow2.exe
Overview
Analysis
File Details
Behaviors (1)

xdeskshow2.exe

鱼鱼桌面秀2

Personal Email

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘XDeskShow2’.

File name:

xdeskshow2.exe

Publisher:

鱼鱼软件 (signed by Personal Email)

Product:

鱼鱼桌面秀2

Description:

鱼鱼桌面秀2 beta1.8

Version:

2.0.5.608

MD5:

ca1be45bc1747d027d6ace43b9fa984a

SHA-1:

5958e8610a65038350c28797f1f9ceb4388179c9

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/25/2024 2:50:42 PM UTC (today)

File size:

3.3 MB (3,426,488 bytes)

Product version:

2007

File type:

Executable application (Win32 EXE)

Common path:

C:\Windows\System32\xpstyle_themepackage\sidebar\xdeskshow2.exe

Digital Signature

Signed by:

Personal Email

Authority:

Unizeto Technologies S.A.

Valid from:

10/23/2009 6:51:45 AM

Valid to:

10/24/2010 6:51:45 AM

Subject:

E=admin@holersoft.com, CN=holersoft.com, OU=Unizeto (r) Personal Certificates, O=Personal Email, C=CN

Issuer:

CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

06CC70

File PE Metadata

Compilation timestamp:

6/20/1992 6:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:2hITmZ/sN9pbjRVP/1LOWeTApTzaxBXTi5rO:2691AJuaTSO

Entry address:

0x277C78

Entry point:

55, 8B, EC, B9, 1C, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, C8, 71, 67, 00, E8, DC, F9, D8, FF, 33, C0, 55, 68, F4, 85, 67, 00, 64, FF, 30, 64, 89, 20, A1, 5C, 62, 68, 00, 8B, 00, E8, 02, B8, E2, FF, A1, 5C, 62, 68, 00, 8B, 00, C7, 40, 78, 64, 00, 00, 00, A1, 5C, 62, 68, 00, 8B, 00, C7, 40, 74, 88, 13, 00, 00, A1, 50, 66, 68, 00, C6, 00, 2E, 8D, 55, E8, A1, 5C, 62, 68, 00, 8B, 00, E8, 77, BE, E2, FF, 8B, 45, E8, 8D, 55, EC, E8, 70, 37, D9, FF, 8B, 55, EC, A1, D4, 5D, 68, 00, E8, 3F, D1, D8... 
[+]

Entropy:

6.7456

Developed / compiled with:

Microsoft Visual C++

Code size:

2.5 MB (2,587,136 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

XDeskShow2

Command:

C:\Windows\System32\xpstyle_themepackage\sidebar\xdeskshow2.exe

Scan xdeskshow2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.