SHA256: 99d8d0e5192a1d19c84b045687efa79faa12eabfb2babb06b11736caf1084a5d
File name: 005834213
Detection ratio: 47 / 57
Analysis date: 2015-06-12 11:04:33 UTC ( 2 weeks, 3 days ago )
Antivirus Result Update
ALYac Trojan.Generic.KDZ.12507 20150612
AVG Dropper.Generic8.DVS 20150612
AVware Trojan.Win32.Generic!BT 20150612
Ad-Aware Trojan.Generic.KDZ.12507 20150612
Agnitum Trojan.VB!fYNZa8PdOII 20150611
AhnLab-V3 Spyware/Win32.Zbot 20150612
Antiy-AVL Trojan/Win32.VB 20150612
Arcabit Trojan.Generic.KDZ.D30DB 20150612
Avast Win32:VB-AFUL [Trj] 20150612
Avira TR/Rogue.kdz.12507 20150612
Baidu-International Trojan.Win32.VB.cezx 20150612
BitDefender Trojan.Generic.KDZ.12507 20150612
CAT-QuickHeal Trojan.Phorpiex.rw3 20150612
ClamAV Win.Trojan.Inject-4698 20150611
Comodo UnclassifiedMalware 20150612
Cyren W32/Backdoor.QGLY-7184 20150612
DrWeb Trojan.Packed.24100 20150612
ESET-NOD32 Win32/Videspra.AO 20150612
Emsisoft Trojan.Generic.KDZ.12507 (B) 20150612
F-Prot W32/Backdoor2.HRZO 20150612
F-Secure Trojan.Generic.KDZ.12507 20150612
Fortinet W32/Injector.AEPK!tr 20150612
GData Trojan.Generic.KDZ.12507 20150612
Ikarus Trojan.Win32.VB 20150612
K7AntiVirus Riskware ( 0040eff71 ) 20150612
K7GW Riskware ( 0040eff71 ) 20150612
Kaspersky Trojan.Win32.VB.cezx 20150612
Malwarebytes Trojan.FakeSky 20150612
McAfee Generic.pa 20150612
McAfee-GW-Edition BehavesLike.Win32.AAEH.dh 20150612
MicroWorld-eScan Trojan.Generic.KDZ.12507 20150612
Microsoft Worm:Win32/Phorpiex.T 20150612
NANO-Antivirus Trojan.Win32.Rogue.bmorxx 20150612
Panda Trj/Agent.IVN 20150612
Qihoo-360 HEUR/Malware.QVM03.Gen 20150612
Sophos Mal/Generic-L 20150612
Symantec Trojan Horse 20150612
Tencent Win32.Trojan.Vb.daqx 20150612
TheHacker Trojan/Injector.aepk 20150611
TotalDefense Win32/Inject.BAK 20150612
TrendMicro TROJ_SPNR.14DG13 20150612
TrendMicro-HouseCall TROJ_SPNR.14DG13 20150612
VIPRE Trojan.Win32.Generic!BT 20150612
ViRobot Trojan.Win32.S.Zbot.208896.J[h] 20150612
Zillya Trojan.Injector.Win32.190313 20150611
Zoner I-Worm.Videspra.AO 20150612
nProtect Trojan.Generic.KDZ.12507 20150612
AegisLab 20150612
Alibaba 20150611
Bkav 20150611
ByteHero 20150612
CMC 20150610
Jiangmin 20150610
Kingsoft 20150612
Rising 20150612
SUPERAntiSpyware 20150612
VBA32 20150611
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright
© 2003 - 2012 Skype and/or Microsoft

Publisher Skype Technologies S.A.
Product Skype
Original name Skype.exe
Internal name Skype.exe
File version 6.2.66.106
Description Skype
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-30 18:44:56
Link date 7:44 PM 3/30/2013
Entry Point 0x00001414
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(712)
EVENT_SINK_Release
__vbaEnd
__vbaStrCmp
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(594)
__vbaLenBstr
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(535)
__vbaInStr
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaExceptHandler
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
Ord(618)
_adj_fdiv_r
Ord(100)
__vbaUI1I2
__vbaFreeVar
Ord(519)
Ord(536)
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(606)
_CIcos
Ord(616)
Ord(587)
_adj_fptan
Ord(593)
__vbaFreeObjList
__vbaObjSet
__vbaErrorOverflow
_CIatan
__vbaNew2
_adj_fdivr_m32i
Ord(631)
_CItan
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaFreeStrList
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_CURSOR 21
RT_GROUP_CURSOR 15
RT_ICON 4
RT_BITMAP 4
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 38
GERMAN 4
NEUTRAL 4
ARABIC NEUTRAL 1
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
29.26

FileSubtype
0

FileVersionNumber
6.2.66.106

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Skype

CharacterSet
Windows, Latin1

InitializedDataSize
151552

EntryPoint
0x1414

BuildTime
2/7/2013 12:53:18 PM

OriginalFileName
Skype.exe

MIMEType
application/octet-stream

LegalCopyright
2003 - 2012 Skype and/or Microsoft

FileVersion
6.2.66.106

TimeStamp
2013:03:30 19:44:56+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Skype.exe

ProductVersion
6.2

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Skype Technologies S.A.

CodeSize
53248

ProductName
Skype

ProductVersionNumber
6.2.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 cfaf9e3345bb6dc7204d6ad1a266a4c0
SHA1 b82a08ec329955d1dc179edbb187d4e0d8a01724
SHA256 99d8d0e5192a1d19c84b045687efa79faa12eabfb2babb06b11736caf1084a5d
ssdeep
3072:7000WkaNrEl3pzM5yZ7VVWP4ROeMUZdtBLh6m1HSZxznFCSemSzifZG4/:767l3C52hVJMUjtBl5HixznUmSk

authentihash fa926677743cfb5174e709b710c60d47ffb565366914acbb8c25c305319633e3
imphash 98f3ce2735b6a937caee078ba37377e1
File size 204.0 KB ( 208896 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags
peexe

VirusTotal metadata
First submission 2013-03-30 22:15:54 UTC ( 2 years, 3 months ago )
Last submission 2015-06-12 11:04:33 UTC ( 2 weeks, 3 days ago )
File names 6595452984.exe
005834213
6795500234.exe
4195736859.exe
Skype.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.