× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b727771bcb35da01f739a26a3b60f2a31bcc29954b9848ffff3ec4deb222133a
File name: skypequote.exe
Detection ratio: 1 / 45
Analysis date: 2013-02-06 18:42:32 UTC ( 6 years, 2 months ago ) View latest
Antivirus Result Update
AVG Suspicion: unknown virus 20130206
Yandex 20130206
AntiVir 20130206
Antiy-AVL 20130206
Avast 20130206
BitDefender 20130206
ByteHero 20130204
CAT-QuickHeal 20130206
ClamAV 20130206
Commtouch 20130206
Comodo 20130206
DrWeb 20130206
Emsisoft 20130206
eSafe 20130206
ESET-NOD32 20130206
F-Prot 20130201
F-Secure 20130206
Fortinet 20130206
GData 20130206
Ikarus 20130206
Jiangmin 20121221
K7AntiVirus 20130206
Kaspersky 20130206
Kingsoft 20130204
Malwarebytes 20130206
McAfee 20130206
McAfee-GW-Edition 20130206
Microsoft 20130206
eScan 20130206
NANO-Antivirus 20130206
Norman 20130206
nProtect 20130206
Panda 20130206
PCTools 20130206
Rising 20130205
Sophos AV 20130206
SUPERAntiSpyware 20130206
Symantec 20130206
TheHacker 20130205
TotalDefense 20130206
TrendMicro 20130206
TrendMicro-HouseCall 20130206
VBA32 20130206
VIPRE 20130206
ViRobot 20130206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT appended, UPX, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-11-10 09:40:35
Entry Point 0x0027E960
Number of sections 3
PE sections
Overlays
MD5 adad9398110e227c41f4f738c91e5d20
File type application/zip
Offset 1386496
Size 8004578
Entropy 8.00
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
GetFocus
Number of PE resources by type
RT_ICON 10
PYTHON27.DLL 1
RT_GROUP_ICON 1
PYTHONSCRIPT 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 14
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2008:11:10 10:40:35+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
1019904

LinkerVersion
9.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x27e960

InitializedDataSize
368640

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
1593344

Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 5b30fb057cac9304066817a52bf81749
SHA1 04cc9e6a466a9828c8387ac29e3363752969bea7
SHA256 b727771bcb35da01f739a26a3b60f2a31bcc29954b9848ffff3ec4deb222133a
ssdeep
196608:BRp2OIidvwBScjj8utWRqt4uwQMpZcrP9Yf4EsCdTx/4pb4x4O:Bnbdvsji64uwQM7crPhEsCTsbnO

authentihash 689a195b6e4676c89f361412ec881481069b391dca078436f1a7851f25c4b7c6
imphash c0d9834cfeeb38692d50b64900f77acc
File size 9.0 MB ( 9391074 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (28.0%)
UPX compressed Win32 Executable (27.5%)
Win32 EXE Yoda's Crypter (27.0%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2011-09-08 19:06:21 UTC ( 7 years, 7 months ago )
Last submission 2018-08-07 21:05:01 UTC ( 8 months, 2 weeks ago )
File names file-2772538_exe
skype quote faker.exe
SkypeQuoteEditor.exe
Skype Quote.exe
FakeSkypeQuote.exe
Skypequote.exe
skypequote.exe
skypequote[1].exe
skypequote.exe
filename
skype quote (real).exe
Skype Quote Generator.exe
skypequote(5).exe
skypequote2.exe
skypequote.exe
skypefakequote.exe
skypequote.exe.dat
skypequote(4).exe
skypequote.exe.log
The_Ultimate_Skype_Hack.exe
не винлокер.exe
Sype.exe
file-3140962_exe
Skype Quote Hack.exe
Fake Skype Quoter.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
clipboard-monitor

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!