home

xcube.exe

XCube

Shenzhen Enode Technology Co., Ltd.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘XCube’.
Publisher:
Shenzhen Enode Technology Co., Ltd.  (signed and verified)

Product:
XCube

Version:
1, 6, 0, 878

MD5:
c6e9af997d6757697e97b15e9dbc93e9

SHA-1:
79b7081c5abe471ff514de10887bfcd6f6815b8f

SHA-256:
00e836510c8f324af237f67ef5f6e82c101ea249de9dbe911b334cf79d8741ca

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 3:21:22 PM UTC  (today)

File size:
3.7 MB (3,867,536 bytes)

Product version:
1, 6, 0, 878

Copyright:
Copyright (C) 2014

Original file name:
xcube.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\roaming\xcube\xcube.exe

Digital Signature
Signed by:
Shenzhen Enode Technology Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
4/1/2013 2:00:00 AM

Valid to:
4/1/2016 1:59:59 AM

Subject:
CN="Shenzhen Enode Technology Co., Ltd.", OU=Development Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shenzhen Enode Technology Co., Ltd.", L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
60F6AD6D09199C81989F5CD146FBBF4F

File PE Metadata
Compilation timestamp:
1/18/2016 6:42:08 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:3ReYT6rPPEhZqhIQzqFc3U3omcnA16pG9ngk3HRlIJu+aHqn5+6itcZUMQeUbwTh:we6zs2S2qFqU3oUEuvPlHk1

Entry address:
0x1C1D80

Entry point:
E8, E0, 0C, 01, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 57, 56, E8, 37, 39, 00, 00, 33, FF, 59, 3B, F7, 75, 1D, E8, 16, 38, 00, 00, 57, 57, 57, 57, 57, C7, 00, 16, 00, 00, 00, E8, 3E, E8, FF, FF, 83, C4, 14, 83, C8, FF, EB, 34, 39, 7D, 0C, 74, DE, B9, FF, FF, FF, 7F, C7, 45, EC, 49, 00, 00, 00, 89, 75, E8, 89, 75, E0, 89, 4D, E4, 3B, C1, 77, 03, 89, 45, E4, FF, 75, 14, 8D, 45, E0, FF, 75, 10, FF, 75, 0C, 50, FF, 55, 08, 83, C4, 10, 5F, C9, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 8D, 45, 10...
 
[+]

Entropy:
6.5551

Code size:
2.4 MB (2,523,648 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
XCube

Command:
C:\users\{user}\appdata\roaming\xcube\xcube.exe --minimize


Scan xcube.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.