home

xskywalker.exe

XSkyWalker

Square Network Tech Co.,LTD.

The application xskywalker.exe by Square Network Tech Co.,LTD has been detected as adware by 6 anti-malware scanners. This file is typically installed with the program XSkyWalker 3.2.1129.0 by XSkyWalker.
Publisher:
The XSkyWalker Authors  (signed by Square Network Tech Co.,LTD.)

Product:
XSkyWalker

Version:
32.0.1653.0

MD5:
3b9c641b52288ff48c4dc22264b206d8

SHA-1:
8161ed7d9e267f9955658d36bbe7ac24df91c79e

SHA-256:
9456b889485da5aba2e8f852e21e31fc73fd6dce85252fd685b93646c398531c

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
4/19/2024 2:29:05 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2016.0.3185

Baidu Antivirus
PUA.Win32.SquareNet
4.0.3.15228

McAfee
Artemis!3B9C641B5228
5600.6841

Reason Heuristics
PUP.SquareNetworkTechCoLTD
15.2.28.9

Trend Micro House Call
Suspicious_GEN.F47V0215
7.2.59

VIPRE Antivirus
TrackCash
37976

File size:
2.3 MB (2,420,528 bytes)

Product version:
32.0.1653.0

Copyright:
Copyright 2014 The XSkyWalker Authors. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\xskywalker\application\xskywalker.exe

Digital Signature
Signed by:
Square Network Tech Co.,LTD.

Authority:
VeriSign, Inc.

Subject:
CN="Square Network Tech Co.,LTD.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Square Network Tech Co.,LTD.", L=Zhongshan, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
08F1CEE1EA15CE4F4CA29FDEBE3DACA3

File PE Metadata
Compilation timestamp:
12/5/2014 8:16:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:H6NVtSK6Yj/h6VgFGcUm0syvkNsBgs1yT4l4o:aEYNdum0srN4gs0TY

Entry address:
0x71186

Entry point:
E8, DC, BE, 00, 00, E9, 89, FE, FF, FF, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 5C, 6F, 4C, 00, 00, 75, 18, E8, 63, 6D, 00, 00, 6A, 1E, E8, AD, 6B, 00, 00, 68, FF, 00, 00, 00, E8, 46, FB, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 5C, 6F, 4C, 00, FF, 15, A0, 02, 49, 00...
 
[+]

Entropy:
3.6577

Code size:
570 KB (583,680 bytes)

The file xskywalker.exe has been discovered within the following program.

XSkyWalker 3.2.1129.0  by XSkyWalker
www.xskywalker.com
About 8% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mitsdesign.ca  (23.254.164.239:80)

TCP (HTTP SSL):
Connects to lb.usemaxserver.de  (212.48.120.130:443)

TCP (HTTP):
Connects to 62.a7.adb8.ip4.static.sl-reverse.com  (184.173.167.98:80)

TCP (HTTP):
Connects to www.noelshack.com  (193.36.45.15:80)

TCP (HTTP SSL):
Connects to server-54-192-150-211.sin2.r.cloudfront.net  (54.192.150.211:443)

TCP (HTTP SSL):
Connects to server-54-192-150-151.sin2.r.cloudfront.net  (54.192.150.151:443)

TCP (HTTP SSL):
Connects to ec2-50-19-86-123.compute-1.amazonaws.com  (50.19.86.123:443)

TCP (HTTP SSL):
Connects to ec2-184-72-221-20.compute-1.amazonaws.com  (184.72.221.20:443)

TCP (HTTP SSL):
Connects to ec2-107-22-244-183.compute-1.amazonaws.com  (107.22.244.183:443)

TCP (HTTP SSL):
Connects to ec2-50-19-90-241.compute-1.amazonaws.com  (50.19.90.241:443)

TCP (HTTP SSL):
Connects to a23-42-212-132.deploy.static.akamaitechnologies.com  (23.42.212.132:443)

Remove xskywalker.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.