adskip.exe

Biling Network Technology Co.,Ltd.

The application adskip.exe, “ADSkip 32 Bit Application” by Biling Network Technology Co.,Ltd has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program AdSkip by Biling Network Technology Co. Ltd..
Publisher:
Biling Network Technology Co.,Ltd.  (signed and verified)

Description:
ADSkip 32 Bit Application

Version:
1.3.816.9900

MD5:
c04940b64af11c6c3d97c5fbf8bee638

SHA-1:
a3f384b70bb61743609631dd9f5dcd549d89610a

SHA-256:
d0893678edd504107c893c3d6e306a7b8737f6056dc4a3f7a9ea570f5b07663e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 2:50:25 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.AdSkip (M)
16.8.24.6

File size:
2.3 MB (2,431,608 bytes)

Product version:
1.3.816.9900

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\adskip\adskip.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
4/25/2016 12:51:56 PM

Valid to:
4/25/2017 12:51:56 PM

Subject:
CN="Biling Network Technology Co.,Ltd.", O="Biling Network Technology Co.,Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
11AE41C83CE032AEB9711D21E8900AF9

File PE Metadata
Compilation timestamp:
8/16/2016 3:16:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:Kz07dtASOJjzGXOkbBRtYxQIbeO7T5LHVagEteihjiu6XD1:ez/kbBRtYxjbPEte8iuC

Entry address:
0x13326B

Entry point:
E8, 16, 67, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 30, 34, 5C, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, C0, 47, 5B, 00, 01, 0F, 82, 0A, 68, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1...
 
[+]

Entropy:
6.8502

Code size:
1.5 MB (1,529,856 bytes)

Windows Firewall Allowed Program
Name:
adskip


The file adskip.exe has been discovered within the following program.

AdSkip  by Biling Network Technology Co. Ltd.
www.adskiper.com
35% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

TCP (HTTP):
Connects to 203.130.58.29-BJ-CNC  (203.130.58.29:80)

TCP (HTTP):
Connects to websrs04.brain.net.pk  (203.128.6.134:80)

TCP (HTTP):
Connects to unknown.telstraglobal.net  (202.127.76.232:80)

TCP (HTTP):
Connects to tw194-static236.tw1.com  (110.93.194.236:80)

TCP (HTTP):
Connects to static.108.107.4.46.clients.your-server.de  (46.4.107.108:80)

TCP (HTTP):
Connects to server-52-84-105-9.del51.r.cloudfront.net  (52.84.105.9:80)

TCP (HTTP):
Connects to server-52-84-102-80.del51.r.cloudfront.net  (52.84.102.80:80)

TCP (HTTP):
Connects to server-52-84-102-245.del51.r.cloudfront.net  (52.84.102.245:80)

TCP (HTTP):
Connects to msnbot-207-46-194-10.search.msn.com  (207.46.194.10:80)

TCP (HTTP):
Connects to ip-208-109-88-195.ip.secureserver.net  (208.109.88.195:80)

TCP (HTTP):
Connects to ip-172-19-2-20.ec2.internal  (172.19.2.20:80)

TCP (HTTP):
Connects to host-181-174.167.236.offshoreracks.com  (181.174.167.236:80)

TCP (HTTP):
Connects to ec2-54-86-210-181.compute-1.amazonaws.com  (54.86.210.181:80)

TCP (HTTP):
Connects to ec2-54-243-103-160.compute-1.amazonaws.com  (54.243.103.160:80)

TCP (HTTP):
Connects to ec2-54-183-78-77.us-west-1.compute.amazonaws.com  (54.183.78.77:80)

TCP (HTTP):

TCP (HTTP):
Connects to ec2-52-3-212-43.compute-1.amazonaws.com  (52.3.212.43:80)

TCP (HTTP):

TCP (HTTP):
Connects to ec2-23-21-73-89.compute-1.amazonaws.com  (23.21.73.89:80)

Remove adskip.exe - Powered by Reason Core Security