» SkyMonk.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

SkyMonk.exe

SkyMonk Client

Skymonk Solutions Limited

The application SkyMonk.exe by Skymonk Solutions Limited has been detected as adware by 4 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘SkyMonk’. This file is typically installed with the program SkyMonk Client by Skymonk Solutions Limited.

File name:

SkyMonk.exe

Publisher:

Skymonk Solutions Limited (signed and verified)

Product:

SkyMonk Client

Version:

1, 77, 0, 0

MD5:

388910fa90553cbbab00a29859ecb478

SHA-1:

7c3368b0f64be9e9931b7930f7ffac396ff1e6d5

SHA-256:

4261b6c2f230530bb4dd441a839fdfc5a2e4fffe35b00e453dd06122f0a456fa

Scanner detections:

4 / 68

Status:

Adware

Analysis date:

4/24/2024 11:16:09 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Kaspersky

not-a-virus:AdWare.Win32.Skyli

14.0.0.658

Reason Heuristics

PUP.SkymonkSolutions (M)

16.2.15.8

Trend Micro House Call

TROJ_GEN.F47V0217

7.2.46

Vba32 AntiVirus

AdWare.Skyli.a

3.12.26.3

File size:

374.1 KB (383,120 bytes)

Product version:

1.77

Original file name:

SkyMonk.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\skymonk\skymonk.exe

Digital Signature

Signed by:

Skymonk Solutions Limited

Authority:

VeriSign, Inc.

Valid from:

4/8/2012 9:00:00 PM

Valid to:

4/9/2015 8:59:59 PM

Subject:

CN=Skymonk Solutions Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Skymonk Solutions Limited, L=Tortola, S=Tortola, C=VG

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

632A5F301191DF03C4933D982BAD525F

File PE Metadata

Compilation timestamp:

4/12/2012 12:34:19 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:o67W8jALNy+AsVCi4+eKfyoFDeiyNlD/MN2BGb9CFi4rp:oRRAsVtU5oFXwEMGpSi4d

Entry address:

0x112650

Entry point:

60, BE, 00, 80, 4C, 00, 8D, BE, 00, 90, F3, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B... 
[+]

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:

300 KB (307,200 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

SkyMonk

Command:

C:\Program Files\skymonk\skymonk.exe -tray

The file SkyMonk.exe has been discovered within the following program.

SkyMonk Client by Skymonk Solutions Limited

skymonk.net

About 6% of users remove it

Remove SkyMonk.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.