home

xCloud.exe

xCloud

Diting Tech. Ltd.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘xCloud’.
Publisher:
Diting Inc  (signed by Diting Tech. Ltd.)

Product:
xCloud

Version:
4.1.0.0

MD5:
ee4c41dd656cf11f9e06d8ded2ba18ca

SHA-1:
c0bf880d8257a0a11fdb650d0e814aebd64a915b

SHA-256:
10b0d6652b7686272cd32460869082156b1adf686c6aeda06a1d345f928fe615

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 6:59:29 PM UTC  (today)

File size:
1.8 MB (1,873,296 bytes)

Product version:
4.1.0.0

Copyright:
(C)Copyright 2013 Diting Inc. All Rights Reserved

Original file name:
xCloud.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\xcloud\bin\xcloud.exe

Digital Signature
Signed by:
Diting Tech. Ltd.

Authority:
COMODO CA Limited

Valid from:
8/16/2012 8:00:00 AM

Valid to:
8/17/2013 7:59:59 AM

Subject:
CN=Diting Tech. Ltd., O=Diting Tech. Ltd., STREET="D6-B1, Software Park", L=Chengdu, S=Sichuan, PostalCode=610041, C=CN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FE68F785065FDFFB6AF632B3C5144FB8

File PE Metadata
Compilation timestamp:
5/28/2013 4:16:17 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:65F2mV73aBxPmqFXWMhaEoUJBg6C8U8U8y5ucG:6eiWxeqFXfaEFJqR8U8U8yu

Entry address:
0x60EB6

Entry point:
E8, 6E, 05, 00, 00, E9, 6B, FD, FF, FF, 3B, 0D, 28, 70, 48, 00, 75, 02, F3, C3, E9, F5, 05, 00, 00, CC, FF, 25, EC, D4, 46, 00, 8B, FF, 55, 8B, EC, F6, 45, 08, 02, 57, 8B, F9, 74, 25, 56, 68, 7E, 16, 46, 00, 8D, 77, FC, FF, 36, 6A, 0C, 57, E8, B8, 01, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, 01, F8, FF, FF, 59, 8B, C6, 5E, EB, 14, E8, 70, 07, 00, 00, F6, 45, 08, 01, 74, 07, 57, E8, EA, F7, FF, FF, 59, 8B, C7, 5F, 5D, C2, 04, 00, FF, 25, E8, D4, 46, 00, 6A, 14, 68, 50, 9C, 47, 00, E8, 4C, 04, 00, 00, FF, 35...
 
[+]

Entropy:
7.2699

Code size:
429.5 KB (439,808 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
xCloud

Command:
"C:\Program Files\xcloud\bin\xcloud.exe" autostartup


Scan xCloud.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.