SkyMonk.exe

SkyMonk Client

Skymonk Solutions Limited

The application SkyMonk.exe by Skymonk Solutions Limited has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to start automatically when a user logs in to Windows, via the current user Run registry key under the display name ‘SkyMonk’. This file is typically installed with the program SkyMonk Client by Skymonk Solutions Limited. While running, it connects to the Internet address 80-92-65-214.ip.dclux.com on port 80 using the HTTP protocol.

Publisher:
Skymonk Solutions Limited  (signed and verified)

Product:
SkyMonk Client

Version:
1, 78, 0, 0

MD5:
14d9ab8c600ea2155d3c1178170137ec

SHA-1:
e335ad4ea272411ff33a953463b7ed096bc41c4e

SHA-256:
0114150b73370e542d663770966bbcd52c9bf0dd4d386ffe570c5edeb8c310a4

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/5/2024 10:54:46 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Startup.SkymonkSolutionsLimited.H

Engine version:
14.5.19.1

File size:
374.1 KB (383,120 bytes)

Product version:
1.78

Original file name:
SkyMonk.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\skymonk\skymonk.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/9/2012 2:00:00 AM

Valid to:
4/10/2015 1:59:59 AM

Subject:
CN=Skymonk Solutions Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Skymonk Solutions Limited, L=Tortola, S=Tortola, C=VG

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
632A5F301191DF03C4933D982BAD525F

File PE Metadata
Compilation timestamp:
4/17/2012 5:51:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:Ple54p3wMnqJg/v8nziKyOAEN8tcPKnw8SElsnP57Hi0aks7MC51a4rf:9S4pgMnqJgnxdOA4zKnCElcPjakkMCTF

Entry address:
0x112700

Entry point:
60, BE, 00, 80, 4C, 00, 8D, BE, 00, 90, F3, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Entropy:
7.7858

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
300 KB (307,200 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SkyMonk

Command:
C:\Program Files\skymonk\skymonk.exe -tray


The file SkyMonk.exe has been discovered within the following program.

SkyMonk Client  by Skymonk Solutions Limited
skymonk.net
About 6% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 80-92-65-214.ip.dclux.com  (80.92.65.214:80)
