SHA256: 99d8d0e5192a1d19c84b045687efa79faa12eabfb2babb06b11736caf1084a5d
File name: Skype.exe
Detection ratio: 46 / 56
Analysis date: 2015-07-27 17:50:44 UTC ( 5 days, 18 hours ago )
Antivirus Result Update
ALYac Trojan.Generic.KDZ.12507 20150727
AVG Dropper.Generic8.DVS 20150727
AVware Trojan.Win32.Generic!BT 20150727
Ad-Aware Trojan.Generic.KDZ.12507 20150727
Agnitum Trojan.VB!fYNZa8PdOII 20150727
AhnLab-V3 Spyware/Win32.Zbot 20150727
Antiy-AVL Trojan/Win32.VB 20150727
Arcabit Trojan.Generic.KDZ.D30DB 20150727
Avast Win32:VB-AFUL [Trj] 20150727
Avira TR/Rogue.kdz.12507 20150727
Baidu-International Trojan.Win32.VB.cezx 20150727
BitDefender Trojan.Generic.KDZ.12507 20150727
CAT-QuickHeal Trojan.Phorpiex.rw3 20150727
ClamAV Win.Trojan.Inject-4698 20150727
Comodo UnclassifiedMalware 20150727
Cyren W32/Backdoor.QGLY-7184 20150727
DrWeb Trojan.Packed.24100 20150727
ESET-NOD32 Win32/Videspra.AO 20150727
Emsisoft Trojan.Generic.KDZ.12507 (B) 20150727
F-Prot W32/Backdoor2.HRZO 20150727
F-Secure Trojan.Generic.KDZ.12507 20150727
Fortinet W32/Injector.AEPK!tr 20150727
GData Trojan.Generic.KDZ.12507 20150727
Ikarus Trojan.Win32.VB 20150727
K7AntiVirus Riskware ( 0040eff71 ) 20150727
K7GW Riskware ( 0040eff71 ) 20150727
Kaspersky Trojan.Win32.VB.cezx 20150727
Malwarebytes Trojan.FakeSky 20150727
McAfee Generic.pa 20150727
McAfee-GW-Edition BehavesLike.Win32.AAEH.dh 20150727
MicroWorld-eScan Trojan.Generic.KDZ.12507 20150727
Microsoft Worm:Win32/Phorpiex.T 20150727
NANO-Antivirus Trojan.Win32.Rogue.bmorxx 20150727
Panda Trj/Agent.IVN 20150727
Qihoo-360 HEUR/Malware.QVM03.Gen 20150727
Sophos Mal/Generic-L 20150727
Symantec Trojan Horse 20150727
Tencent Win32.Trojan.Vb.daqx 20150727
TheHacker Trojan/Injector.aepk 20150723
TotalDefense Win32/Inject.BAK 20150727
TrendMicro TROJ_SPNR.14DG13 20150727
TrendMicro-HouseCall TROJ_SPNR.14DG13 20150727
VIPRE Trojan.Win32.Generic!BT 20150727
ViRobot Trojan.Win32.S.Zbot.208896.J[h] 20150727
Zoner I-Worm.Videspra.AO 20150727
nProtect Trojan.Generic.KDZ.12507 20150727
AegisLab 20150727
Alibaba 20150727
Bkav 20150727
ByteHero 20150727
Jiangmin 20150726
Kingsoft 20150727
Rising 20150722
SUPERAntiSpyware 20150727
VBA32 20150727
Zillya 20150727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 2003 - 2012 Skype and/or Microsoft
Publisher Skype Technologies S.A.
Product Skype
Original name Skype.exe
Internal name Skype.exe
File version 6.2.66.106
Description Skype
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-30 18:44:56
Link date 7:44 PM 3/30/2013
Entry Point 0x00001414
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(712)
EVENT_SINK_Release
__vbaEnd
__vbaStrCmp
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(594)
__vbaLenBstr
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(535)
__vbaInStr
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaExceptHandler
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
Ord(618)
_adj_fdiv_r
Ord(100)
__vbaUI1I2
__vbaFreeVar
Ord(519)
Ord(536)
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(606)
_CIcos
Ord(616)
Ord(587)
_adj_fptan
Ord(593)
__vbaFreeObjList
__vbaObjSet
__vbaErrorOverflow
_CIatan
__vbaNew2
_adj_fdivr_m32i
Ord(631)
_CItan
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaFreeStrList
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_CURSOR 21
RT_GROUP_CURSOR 15
RT_ICON 4
RT_BITMAP 4
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 38
GERMAN 4
NEUTRAL 4
ARABIC NEUTRAL 1
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 29.26
FileSubtype 0
FileVersionNumber 6.2.66.106
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Skype
CharacterSet Windows, Latin1
InitializedDataSize 151552
EntryPoint 0x1414
BuildTime 2/7/2013 12:53:18 PM
OriginalFileName Skype.exe
MIMEType application/octet-stream
LegalCopyright 2003 - 2012 Skype and/or Microsoft
FileVersion 6.2.66.106
TimeStamp 2013:03:30 19:44:56+01:00
FileType Win32 EXE
PEType PE32
InternalName Skype.exe
ProductVersion 6.2
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Skype Technologies S.A.
CodeSize 53248
ProductName Skype
ProductVersionNumber 6.2.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 cfaf9e3345bb6dc7204d6ad1a266a4c0
SHA1 b82a08ec329955d1dc179edbb187d4e0d8a01724
SHA256 99d8d0e5192a1d19c84b045687efa79faa12eabfb2babb06b11736caf1084a5d
ssdeep 3072:7000WkaNrEl3pzM5yZ7VVWP4ROeMUZdtBLh6m1HSZxznFCSemSzifZG4/:767l3C52hVJMUjtBl5HixznUmSk
authentihash fa926677743cfb5174e709b710c60d47ffb565366914acbb8c25c305319633e3
imphash 98f3ce2735b6a937caee078ba37377e1
File size 204.0 KB ( 208896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags peexe
VirusTotal metadata
First submission 2013-03-30 22:15:54 UTC ( 2 years, 4 months ago )
Last submission 2015-06-12 11:04:33 UTC ( 1 month, 3 weeks ago )
File names 6595452984.exe
Skype.exe
6795500234.exe
4195736859.exe
005834213
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.