xblive.exe

Microsoft Windows Operating System

Dong Qian

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: the file is designed to look like a legitimate Microsoft system file. The application xblive.exe, “Microsoft XBox Live” by Dong Qian, has been detected as a potentially unwanted program by 4 anti-malware scanners. It runs as a Windows service named “Xbox Live Network Manager Service”.
Publisher:
Microsoft Corporation  (signed by Dong Qian)

Product:
Microsoft Windows Operating System

Description:
Microsoft XBox Live

Version:
6.3.9600.17284 (aaa.140822-1915)

MD5:
270ebeae26699de42c3b78837cda1471

SHA-1:
0dbd950bfc7254d91e2b65c26951718b5d0b44e7

SHA-256:
66440a51d22f2dbac5d1fedf9aa169613d3f5908349649d9aa58bcf74b3db8b6

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
6/24/2025 1:34:44 AM UTC

Scan engine                    Detection                           Engine version
ESET NOD32                     Win32/Egguard.A trojan              8.0.319.0
Kaspersky                      not-a-virus:AdWare.Win32.Goobzo     15.0.0.562
Microsoft Security Essentials  Threat.Undefined                    1.221.704.0
VIPRE Antivirus                Threat.4725471                      48878

File size:
5.6 MB (5,906,904 bytes)

Product version:
xbox 4.0

Copyright:
Microsoft Corporation. All rights reserved.

Original file name:
xbox.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\xbox\xblive.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
8/26/2015 12:10:40 PM

Valid to:
8/26/2016 12:10:40 PM

Subject:
CN=Dong Qian, L=Jixi, S=Heilongjiang, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
3E9D26DCF703CA3B140D7E7AD48312E2

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
98304:Ji6IRAM51t/FrOk3TkUqEQhxv+7dq3K+B:JIRAM51t/FrOk3TkUqEQ+SFB

Entry address:
0x519F0

Entry point:
83, EC, 0C, 8B, 44, 24, 0C, 8D, 5C, 24, 10, 89, 44, 24, 04, 89, 5C, 24, 08, C7, 04, 24, FF, FF, FF, FF, E9, 01, 00, 00, 00, CC, E9, 0B, D3, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 5C, 24, 04, 64, C7, 05, 34, 00, 00, 00, 00, 00, 00, 00, 89, E5, 8B, 4B, 04, 89, C8, C1, E0, 02, 29, C4, 89, E7, 8B, 73, 08, FC, F3, A5, FF, 13, 89, EC, 8B, 5C, 24, 04, 89, 43, 0C, 89, 53, 10, 64, 8B, 05, 34, 00, 00, 00, 89, 43, 14, C3, CC, CC, CC, CC, 83, EC, 18, C7, 04, 24, F4, FF, FF, FF, 89, E5, FF, 15, 58, 90...
 

Code size:
5.5 MB (5,796,352 bytes)

Service
Display name:
Xbox Live Network Manager Service

Service name:
XBox

Type:
Win32OwnProcess, InteractiveProcess

