skyers.exe

Driver Profile Management Tool

KongZhong(China) Co.,Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘FXML’.
Publisher:
KongZhong(China) Co.,Ltd  (signed and verified)

Product:
Driver Profile Management Tool

Version:
11.1

MD5:
ace5965259c106793b30d4a41988bf5e

SHA-1:
0b73a1a568b41b6e4673eefbeb994e312981cdf0

SHA-256:
474b49cff45d376556524b7a8b150bfa494927c5f05ad956e4e3a7908c88c0e4

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/29/2024 2:20:11 AM UTC

Scan engine:
F-Secure

Detection:
Trojan.Heur.JP.nu1@aGVTPuhj

Engine version:
5.15.154

File size:
219.1 KB (224,344 bytes)

Product version:
11.1

Copyright:
Copyright (C) 1999-2009 Lexmark International, Inc.

Trademarks:
Lexmark International

Original file name:
LEXDCM.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\config\systemprofile\appdata\roaming\skyers.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
8/17/2015 8:00:00 AM

Valid to:
10/16/2017 7:59:59 AM

Subject:
CN="KongZhong(China) Co.,Ltd", OU=IT, O="KongZhong(China) Co.,Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3D8F4440B3BE57415B808EE38D8C54D8

File PE Metadata
Compilation timestamp:
10/3/2016 4:59:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:ttJgDMvH6TvnyQ7j+kTBOJQv6HkViY61Cj7briFSftR/xU6g5Kfx:NgDMvH2RykTWH2fx

Entry address:
0xA094

Entry point:
E8, 3A, 63, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 58, 29, 42, 00, E8, 96, 22, 00, 00, E8, 78, 25, 00, 00, 0F, B7, F0, 6A, 02, E8, CD, 62, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 33, 5C, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.2338

Code size:
88.5 KB (90,624 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
FXML

Command:
C:\Windows\System32\config\systemprofile\appdata\roaming\skyers.exe 1000

