SHA256: 99d8d0e5192a1d19c84b045687efa79faa12eabfb2babb06b11736caf1084a5d
File name: 6595452984.exe
Detection ratio: 9 / 46
Analysis date: 2013-03-31 16:13:13 UTC ( 1 year ago )
Antivirus Result Update
AhnLab-V3 Spyware/Win32.Zbot 20130331
BitDefender Trojan.Generic.KDZ.12507 20130331
Comodo UnclassifiedMalware 20130331
F-Secure Trojan.Generic.KDZ.12507 20130331
GData Trojan.Generic.KDZ.12507 20130331
Kaspersky UDS:DangerousObject.Multi.Generic 20130331
Malwarebytes Trojan.FakeSky 20130331
TrendMicro-HouseCall TROJ_GEN.F47V0330 20130331
nProtect Trojan.Generic.KDZ.12507 20130331
AVG 20130331
Agnitum 20130330
AntiVir 20130331
Antiy-AVL 20130331
Avast 20130331
ByteHero 20130322
CAT-QuickHeal 20130331
ClamAV 20130331
Commtouch 20130331
DrWeb 20130331
ESET-NOD32 20130331
Emsisoft 20130331
F-Prot 20130331
Fortinet 20130331
Ikarus 20130331
Jiangmin 20130331
K7AntiVirus 20130330
Kingsoft 20130325
McAfee 20130331
McAfee-GW-Edition 20130331
MicroWorld-eScan 20130331
Microsoft 20130331
NANO-Antivirus 20130331
Norman 20130331
PCTools 20130331
Panda 20130331
Rising 20130328
SUPERAntiSpyware 20130331
Sophos 20130331
Symantec 20130331
TheHacker 20130330
TotalDefense 20130331
TrendMicro 20130331
VBA32 20130330
VIPRE 20130331
ViRobot 20130331
eSafe 20130328
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright (c) 2003 - 2012 Skype and/or Microsoft
Publisher Skype Technologies S.A.
Product Skype
Original name Skype.exe
Internal name Skype.exe
File version 6.2.66.106
Description Skype
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-30 18:44:56
Entry Point 0x00001414
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(712)
EVENT_SINK_Release
__vbaEnd
__vbaStrCmp
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(594)
__vbaLenBstr
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(535)
__vbaInStr
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaExceptHandler
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
Ord(618)
_adj_fdiv_r
Ord(100)
__vbaUI1I2
__vbaFreeVar
Ord(519)
Ord(536)
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(606)
_CIcos
Ord(616)
Ord(587)
_adj_fptan
Ord(593)
__vbaFreeObjList
__vbaObjSet
__vbaErrorOverflow
_CIatan
__vbaNew2
_adj_fdivr_m32i
Ord(631)
_CItan
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaFreeStrList
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_CURSOR 21
RT_GROUP_CURSOR 15
RT_ICON 4
RT_BITMAP 4
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 38
GERMAN 4
NEUTRAL 4
ARABIC NEUTRAL 1
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 29.26
FileSubtype 0
FileVersionNumber 6.2.66.106
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 151552
FileOS Win32
BuildTime 2/7/2013 12:53:18 PM
MIMEType application/octet-stream
LegalCopyright 2003 - 2012 Skype and/or Microsoft
FileVersion 6.2.66.106
TimeStamp 2013:03:30 18:44:56+00:00
FileType Win32 EXE
PEType PE32
InternalName Skype.exe
ProductVersion 6.2
FileDescription Skype
OSVersion 4.0
OriginalFilename Skype.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Skype Technologies S.A.
CodeSize 53248
ProductName Skype
ProductVersionNumber 6.2.0.0
EntryPoint 0x1414
ObjectFileType Executable application

File identification
MD5 cfaf9e3345bb6dc7204d6ad1a266a4c0
SHA1 b82a08ec329955d1dc179edbb187d4e0d8a01724
SHA256 99d8d0e5192a1d19c84b045687efa79faa12eabfb2babb06b11736caf1084a5d
ssdeep 3072:7000WkaNrEl3pzM5yZ7VVWP4ROeMUZdtBLh6m1HSZxznFCSemSzifZG4/:767l3C52hVJMUjtBl5HixznUmSk
File size 204.0 KB ( 208896 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.9%)
Win32 Executable Generic (6.1%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2013-03-30 22:15:54 UTC ( 1 year ago )
Last submission 2013-03-31 16:13:13 UTC ( 1 year ago )
File names 6595452984.exe
Skype.exe
6795500234.exe
4195736859.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.