» xblive.exe
Overview
Analysis
File Details
Behaviors (1)

xblive.exe

Microsoft Windows Operating System

Dong Qian

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The executable xblive.exe, “Microsoft XBox Live” has been detected as malware by 3 anti-virus scanners. It runs as a windows Service named “Xbox Live Network Manager Service”.

File name:

xblive.exe

Publisher:

Microsoft Corporation (signed by Dong Qian)

Product:

Microsoft Windows Operating System

Description:

Microsoft XBox Live

Version:

6.3.9600.17284 (aaa.140822-1915)

MD5:

fbb81085edd02841034fe6678755f01b

SHA-1:

4739d2db69df59f0e4bce7661080a9d3146757a1

SHA-256:

df207ee966c28acd65275aa45c8f71612722756e321b0508789a1f990d903a4a

Scanner detections:

3 / 68

Status:

Malware

Analysis date:

6/23/2025 1:08:47 PM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/Egguard.A trojan

8.0.319.0

F-Secure

Variant.Midie.8641

5.15.96

Norman

Gen:Variant.Midie.8641

02.04.2016 17:35:19

File size:

5.6 MB (5,906,904 bytes)

Product version:

xbox 4.0

Original file name:

xbox.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\roaming\xbox\xblive.exe

Digital Signature

Signed by:

Dong Qian

Authority:

WoSign CA Limited

Valid from:

8/26/2015 6:10:40 AM

Valid to:

8/26/2016 6:10:40 AM

Subject:

CN=Dong Qian, L=Jixi, S=Heilongjiang, C=CN

Issuer:

CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

3E9D26DCF703CA3B140D7E7AD48312E2

File PE Metadata

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

3.0

CTPH (ssdeep):

98304:Ji6IRAM51B/FrOk3TkUqEQhxw+7dq3K+B:JIRAM51B/FrOk3TkUqEQpSFB

Entry address:

0x519F0

Entry point:

83, EC, 0C, 8B, 44, 24, 0C, 8D, 5C, 24, 10, 89, 44, 24, 04, 89, 5C, 24, 08, C7, 04, 24, FF, FF, FF, FF, E9, 01, 00, 00, 00, CC, E9, 0B, D3, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 5C, 24, 04, 64, C7, 05, 34, 00, 00, 00, 00, 00, 00, 00, 89, E5, 8B, 4B, 04, 89, C8, C1, E0, 02, 29, C4, 89, E7, 8B, 73, 08, FC, F3, A5, FF, 13, 89, EC, 8B, 5C, 24, 04, 89, 43, 0C, 89, 53, 10, 64, 8B, 05, 34, 00, 00, 00, 89, 43, 14, C3, CC, CC, CC, CC, 83, EC, 18, C7, 04, 24, F4, FF, FF, FF, 89, E5, FF, 15, 58, 90... 
[+]

Code size:

5.5 MB (5,796,352 bytes)

Service

Display name:

Xbox Live Network Manager Service

Service name:

XBox

Description:

Xbox Live Network Service

Type:

Win32OwnProcess, InteractiveProcess

Remove xblive.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.