xblive.exe

Microsoft Windows Operating System

Dong Qian

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: the file is designed to look like a legitimate Microsoft system file, and its digital signature names Dong Qian, not Microsoft, as the signer. The application xblive.exe, “Microsoft XBox Live” by Dong Qian, has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a Windows service named “Xbox Live Network Manager Service”.
Publisher:
Microsoft Corporation  (signed by Dong Qian)

Product:
Microsoft Windows Operating System

Description:
Microsoft XBox Live

Version:
6.3.9600.17284 (aaa.140822-1915)

MD5:
566d74e27a753233d119ae2722aaf27c

SHA-1:
1b97b5feaf03c0f3b2bf2eb54ac980e2daba42b8

SHA-256:
f2fb9c81205ccfedd9ac8a0a4227e73b3e155b2670ece2fd69a03c54d50bd217

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
6/23/2025 9:27:45 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Egguard.A trojan | 6.3.12010.0
Kaspersky | not-a-virus:AdWare.Win32.Goobzo | 15.0.2.529
Microsoft Security Essentials | Trojan:Win32/Posehost.A | 1.233.535.0

File size:
5.6 MB (5,906,904 bytes)

Product version:
xbox 4.0

Copyright:
Microsoft Corporation. All rights reserved.

Original file name:
xbox.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\xbox\xblive.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
8/26/2015 6:10:40 AM

Valid to:
8/26/2016 6:10:40 AM

Subject:
CN=Dong Qian, L=Jixi, S=Heilongjiang, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
3E9D26DCF703CA3B140D7E7AD48312E2

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
98304:Ji6IRAM51B/FrOk3TkUqEQBxv+7dq3K+B:JIRAM51B/FrOk3TkUqEQeSFB

Entry address:
0x519F0

Entry point:
83, EC, 0C, 8B, 44, 24, 0C, 8D, 5C, 24, 10, 89, 44, 24, 04, 89, 5C, 24, 08, C7, 04, 24, FF, FF, FF, FF, E9, 01, 00, 00, 00, CC, E9, 0B, D3, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 5C, 24, 04, 64, C7, 05, 34, 00, 00, 00, 00, 00, 00, 00, 89, E5, 8B, 4B, 04, 89, C8, C1, E0, 02, 29, C4, 89, E7, 8B, 73, 08, FC, F3, A5, FF, 13, 89, EC, 8B, 5C, 24, 04, 89, 43, 0C, 89, 53, 10, 64, 8B, 05, 34, 00, 00, 00, 89, 43, 14, C3, CC, CC, CC, CC, 83, EC, 18, C7, 04, 24, F4, FF, FF, FF, 89, E5, FF, 15, 58, 90...

Code size:
5.5 MB (5,796,352 bytes)

Service
Display name:
Xbox Live Network Manager Service

Service name:
XBox

Description:
Xbox Live Network Service

Type:
Win32OwnProcess, InteractiveProcess

