xblive.exe

Microsoft Windows Operating System

Dong Qian

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The application xblive.exe, “Microsoft XBox Live” by Dong Qian, has been detected as a potentially unwanted program by 5 anti-malware scanners. It runs as a Windows service named “Xbox Live Network Manager Service”.
Publisher:
Microsoft Corporation  (signed by Dong Qian)

Product:
Microsoft Windows Operating System

Description:
Microsoft XBox Live

Version:
6.3.9600.17284 (aaa.140822-1915)

MD5:
035ff41aa37b17c165bdd5f8288c9bf1

SHA-1:
dbcd08aecd49898231c71431f4ec6a07eab18e80

SHA-256:
5039656213661c852ada5f9be0cec1ef5239ca286e55d971f3e7672ab06dc737

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
6/23/2025 7:08:03 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | Win32/Egguard.A trojan | 8.0.319.0 |
| Kaspersky | not-a-virus:AdWare.Win32.Goobzo | 15.0.0.562 |
| Microsoft Security Essentials | Threat.Undefined | 1.217.2445.0 |
| Norman | Adware.Agent.QKY | 19.05.2016 05:17:13 |
| VIPRE Antivirus | Threat.4725471 | 48690 |

File size:
5.6 MB (5,906,904 bytes)

Product version:
xbox 4.0

Copyright:
Microsoft Corporation. All rights reserved.

Original file name:
xbox.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\xbox\xblive.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
8/26/2015 6:10:40 AM

Valid to:
8/26/2016 6:10:40 AM

Subject:
CN=Dong Qian, L=Jixi, S=Heilongjiang, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
3E9D26DCF703CA3B140D7E7AD48312E2

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
98304:Ji6IRAM51B/FrOk3TkUqEQhxv+7dq3K+B:JIRAM51B/FrOk3TkUqEQ+SFB

Entry address:
0x519F0

Entry point:
83, EC, 0C, 8B, 44, 24, 0C, 8D, 5C, 24, 10, 89, 44, 24, 04, 89, 5C, 24, 08, C7, 04, 24, FF, FF, FF, FF, E9, 01, 00, 00, 00, CC, E9, 0B, D3, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 5C, 24, 04, 64, C7, 05, 34, 00, 00, 00, 00, 00, 00, 00, 89, E5, 8B, 4B, 04, 89, C8, C1, E0, 02, 29, C4, 89, E7, 8B, 73, 08, FC, F3, A5, FF, 13, 89, EC, 8B, 5C, 24, 04, 89, 43, 0C, 89, 53, 10, 64, 8B, 05, 34, 00, 00, 00, 89, 43, 14, C3, CC, CC, CC, CC, 83, EC, 18, C7, 04, 24, F4, FF, FF, FF, 89, E5, FF, 15, 58, 90...

Code size:
5.5 MB (5,796,352 bytes)

Service
Display name:
Xbox Live Network Manager Service

Service name:
XBox

Description:
Xbox Live Network Service

Type:
Win32OwnProcess, InteractiveProcess


The executable has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to ec2-52-67-25-90.sa-east-1.compute.amazonaws.com  (52.67.25.90:80)
