× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 80480a36bccbce4118fa7b442ef6255fc9b57f8e9f926fc55ddb6a9355b40dec
File name: SkypeCleaner.exe
Detection ratio: 8 / 54
Analysis date: 2014-11-09 19:46:43 UTC ( 3 years, 9 months ago )
Antivirus Result Update
AVG Generic35.BJXZ 20141112
K7AntiVirus Riskware ( 0040eff71 ) 20141111
K7GW Riskware ( 0040eff71 ) 20141112
McAfee Artemis!DD8A902F747D 20141112
McAfee-GW-Edition BehavesLike.Win32.Trojan.tc 20141112
NANO-Antivirus Trojan.Win32.FakeAV.cybsud 20141112
Symantec WS.Reputation.1 20141112
VBA32 Trojan.FakeAV 20141111
Ad-Aware 20141112
AegisLab 20141112
Yandex 20141111
AhnLab-V3 20141111
Antiy-AVL 20141112
Avast 20141112
Avira (no cloud) 20141112
AVware 20141112
Baidu-International 20141107
BitDefender 20141112
Bkav 20141112
ByteHero 20141112
CAT-QuickHeal 20141112
ClamAV 20141112
CMC 20141110
Comodo 20141112
Cyren 20141112
DrWeb 20141112
Emsisoft 20141112
ESET-NOD32 20141112
F-Prot 20141111
F-Secure 20141112
Fortinet 20141112
GData 20141112
Ikarus 20141112
Jiangmin 20141111
Kaspersky 20141112
Kingsoft 20141112
Malwarebytes 20141112
Microsoft 20141112
eScan 20141112
Norman 20141112
nProtect 20141111
Panda 20141110
Qihoo-360 20141112
Rising 20141111
Sophos AV 20141112
SUPERAntiSpyware 20141112
Tencent 20141112
TheHacker 20141111
TotalDefense 20141111
TrendMicro 20141112
VIPRE 20141112
ViRobot 20141112
Zillya 20141111
Zoner 20141110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Microsoft 2013

Publisher SkypeCleaner
Product SkypeCleaner
Original name SkypeCleaner.exe
Internal name SkypeCleaner.exe
File version 1.0.0.0
Description SkypeCleaner
Comments SkypeCleaner
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-26 18:57:33
Entry Point 0x00004067
Number of sections 6
PE sections
PE imports
CreateFileMappingW
GetLastError
GetModuleHandleA
HeapFree
LoadLibraryW
GetFileSizeEx
SetEnvironmentVariableW
GetSystemInfo
GetFileInformationByHandle
GetModuleFileNameW
UnmapViewOfFile
CreateFileW
VirtualFree
HeapAlloc
CloseHandle
MapViewOfFile
GetTickCount
GetProcAddress
VirtualAlloc
GetProcessHeap
Number of PE resources by type
RT_ICON 9
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 12
PE resources
ExifTool file metadata
PackagerVersion
11.4.176

SubsystemVersion
5.0

Comments
SkypeCleaner

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

VmVersion
11.2.123

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
SkypeCleaner

FileVersionNumber
1.0.0.0

CharacterSet
Unicode

InitializedDataSize
221184

FileOS
Win32

Packager
Info...

MIMEType
application/octet-stream

LegalCopyright
Copyright Microsoft 2013

FileVersion
1.0.0.0

TimeStamp
2014:10:26 19:57:33+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
SkypeCleaner.exe

FileAccessDate
2014:11:12 10:06:41+01:00

ProductVersion
2.0.0.0

UninitializedDataSize
0

OSVersion
5.0

FileCreateDate
2014:11:12 10:06:41+01:00

OriginalFilename
SkypeCleaner.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
SkypeCleaner

CodeSize
16384

ProductName
SkypeCleaner

ProductVersionNumber
2.0.0.0

EntryPoint
0x4067

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

File identification
MD5 dd8a902f747dc0c3cc7005d9fa4dd8d4
SHA1 ddda455f76fff7b471f91e360f109e4683196f70
SHA256 80480a36bccbce4118fa7b442ef6255fc9b57f8e9f926fc55ddb6a9355b40dec
ssdeep
24576:NWImSQV2yk6cKI1AeQNSW5zbFDejbxIIYOOidHgg4ClRTEi9x7JsBCLT:EqQP0KIzQNbbkjVbY2HggZBEcBLT

authentihash 84d2064d222ee6ea10beccf6ffd7588d63c75836064d2d77218bd00f2cf17db8
imphash bc10594f0e5b090521adac523994d99c
File size 1.5 MB ( 1575118 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2014-10-26 19:11:52 UTC ( 3 years, 9 months ago )
Last submission 2014-10-26 19:11:52 UTC ( 3 years, 9 months ago )
File names SkypeCleaner.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections