adskip.exe

Biling Network Technology Co.,Ltd.

The application adskip.exe, “ADSkip 32 Bit Application” by Biling Network Technology Co.,Ltd has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program AdSkip by Biling Network Technology Co. Ltd. While running, it connects to the Internet address rtr3.l7.search.vip.gq1.yahoo.com on port 80 using the HTTP protocol.
Publisher:
Biling Network Technology Co.,Ltd.  (signed and verified)

Description:
ADSkip 32 Bit Application

Version:
1.3.816.2100

MD5:
a32e3395671a371b5ba3e5950ff929eb

SHA-1:
c249b36e7861319b998f4d8ceacfa3536421a738

SHA-256:
c988af45d2925a7027b885aefc493d8a4dbf1fc664ef7724dfa430a70207a1b5

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 2:43:51 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.AdSkip (M)

Engine version:
16.8.24.7

File size:
2.3 MB (2,431,608 bytes)

Product version:
1.3.816.2100

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\adskip\adskip.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
4/25/2016 2:51:56 PM

Valid to:
4/25/2017 2:51:56 PM

Subject:
CN="Biling Network Technology Co.,Ltd.", O="Biling Network Technology Co.,Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
11AE41C83CE032AEB9711D21E8900AF9

File PE Metadata
Compilation timestamp:
8/16/2016 5:31:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:Xz07dtASOJjzGXOkbBRtYxQIbeOjT5LHy5gEteihjiu6Xzd:bz/kbBRtYxjbJEte8iuW

Entry address:
0x13326B

Entry point:
E8, 16, 67, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 30, 34, 5C, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, C0, 47, 5B, 00, 01, 0F, 82, 0A, 68, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1...
 

Entropy:
6.8502

Code size:
1.5 MB (1,529,856 bytes)

Windows Firewall Allowed Program
Name:
adskip


The file adskip.exe has been discovered within the following program.

AdSkip  by Biling Network Technology Co. Ltd.
www.adskiper.com
35% remove it
 

The executing file has been seen to make the following network communications in live environments.
