SHA256: dbbf78cf454bed18ffd128cdefa2a22e0fe813e8f63548de5b495358c115a5cb
File name: Tzfefx.exe
Detection ratio: 46 / 51
Analysis date: 2014-04-14 13:17:47 UTC ( 4 days, 15 hours ago )
Antivirus Result Update
AVG Generic29.CBUU 20140414
Ad-Aware Trojan.Generic.KDV.750144 20140414
Agnitum Worm.Dorkbot!3Jz2mliuFHI 20140413
AhnLab-V3 Win-Trojan/Dorkbot.936448 20140414
AntiVir TR/Injector.tcc 20140414
Antiy-AVL Trojan/Win32.Bublik 20140414
Avast Win32:Ranbyus-U [Trj] 20140414
Baidu-International Trojan.Win32.Bublik.ay 20140414
BitDefender Trojan.Generic.KDV.750144 20140414
Bkav W32.Clod4c5.Trojan.48d3 20140412
CAT-QuickHeal Trojan.Bublik.iza.cw8 20140414
Commtouch W32/Dorkbot.MMAU-3502 20140414
Comodo UnclassifiedMalware 20140414
DrWeb BackDoor.IRC.NgrBot.42 20140414
ESET-NOD32 Win32/Dorkbot.B 20140414
Emsisoft Trojan.Generic.KDV.750144 (B) 20140414
F-Prot W32/Dorkbot.EH 20140414
F-Secure Worm:W32/Dorkbot.C 20140414
Fortinet W32/Dorkbot.B!tr 20140413
GData Trojan.Generic.KDV.750144 20140414
Ikarus Trojan.Win32.Bublik 20140414
Jiangmin Worm/Colowned.a 20140414
K7AntiVirus Trojan ( 0001589d1 ) 20140414
K7GW Trojan ( 0001589d1 ) 20140414
Kaspersky Trojan.Win32.Bublik.iza 20140414
Kingsoft Win32.Troj.Bublik.(kcloud) 20140414
Malwarebytes Trojan.FakeSkype 20140414
McAfee Ainslot.b 20140414
McAfee-GW-Edition Ainslot.b 20140414
MicroWorld-eScan Trojan.Generic.KDV.750144 20140414
Microsoft Worm:Win32/Dorkbot.I 20140414
NANO-Antivirus Trojan.Win32.Bublik.zfmnt 20140414
Norman Ransom.DNS 20140414
Panda W32/SpySkype.G.worm 20140414
Qihoo-360 Win32/Trojan.f77 20140414
Rising PE:Trojan.Win32.Generic.13317785!322008965 20140414
Sophos W32/Dorkbot-DE 20140414
Symantec W32.IRCBot.NG 20140414
TheHacker Trojan/Bublik.iza 20140413
TotalDefense Win32/Dorkbot.OS 20140414
TrendMicro WORM_DORKBOT.DN 20140414
TrendMicro-HouseCall WORM_DORKBOT.DN 20140414
VBA32 Worm.Ngrbot 20140414
VIPRE Trojan.Win32.vbkryptonian.cdg 20140413
ViRobot Trojan.Win32.A.Bublik.936448.A 20140414
nProtect Trojan/W32.Agent.936448.Y 20140414
AegisLab 20140414
ByteHero 20140414
CMC 20140411
ClamAV 20140414
SUPERAntiSpyware 20140413
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright (c) Skype Technologies S.A.
Publisher Skype Technologies S.A.
Product Skype
Original name Skype.exe
Internal name Skype.exe
File version 5.10.0.116
Description Skype
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-05 22:24:55
Link date 11:24 PM 10/5/2012
Entry Point 0x00001000
Number of sections 8
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
SetHandleCount
GetOEMCP
ExitProcess
TlsAlloc
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetLocalTime
GetStartupInfoA
GetEnvironmentStrings
SetConsoleCtrlHandler
UnhandledExceptionFilter
GetCommandLineA
GetProcAddress
GetProcessHeap
SetFilePointer
RaiseException
GetCPInfo
TlsFree
GetModuleHandleA
WriteFile
CloseHandle
GetACP
GetStringTypeW
GetCurrentThreadId
GlobalMemoryStatus
VirtualFree
TlsGetValue
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
GetVersion
VirtualAlloc
SendNotifyMessageA
MapVirtualKeyA
GetGuiResources
ToAsciiEx
SetDebugErrorLevel
SetWindowLongW
DlgDirSelectComboBoxExA
GetWindowRect
MoveWindow
LoadCursorFromFileA
MessageBoxA
GetAsyncKeyState
IsCharAlphaNumericA
LoadAcceleratorsW
GetMenuCheckMarkDimensions
GetClipboardFormatNameA
TrackPopupMenuEx
wsprintfA
SetMessageExtraInfo
EnumThreadWindows
DdeCreateDataHandle
RealChildWindowFromPoint
TabbedTextOutW
GetWindowInfo
DialogBoxIndirectParamA
PE exports
Number of PE resources by type
RT_ICON 34
RT_STRING 17
RT_GROUP_ICON 10
RT_RCDATA 5
TYPELIB 1
RT_MANIFEST 1
Struct(37) 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 50
NEUTRAL 19
ENGLISH EIRE 1
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 5.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 5.10.0.116
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
FileDescription: Skype
CharacterSet: Windows, Latin1
InitializedDataSize: 904192
FileOS: Win32
BuildTime: 7/13/2012 1:28:41 PM
MIMEType: application/octet-stream
LegalCopyright: (c) Skype Technologies S.A.
ResourcesEditedWith: Restorator 2007 Trial
FileVersion: 5.10.0.116
TimeStamp: 2012:10:05 23:24:55+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Skype.exe
FileAccessDate: 2014:04:14 14:14:07+01:00
ProductVersion: 5.1
SubsystemVersion: 4.0
OSVersion: 4.0
FileCreateDate: 2014:04:14 14:14:07+01:00
OriginalFilename: Skype.exe
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Skype Technologies S.A.
ResourceEditorWWW: http://www.bome.com/Restorator/
CodeSize: 32768
ProductName: Skype
ProductVersionNumber: 5.10.0.0
EntryPoint: 0x1000
ObjectFileType: Executable application

Compressed bundles
File identification
MD5 98f74b530d4ebf6850c4bc193c558a98
SHA1 4502dc31ac27dd290f14b83932d45499dddaecb9
SHA256 dbbf78cf454bed18ffd128cdefa2a22e0fe813e8f63548de5b495358c115a5cb
ssdeep 12288:DGS73cMzWQ/zDSUZmU888888888888W888888888883VR4K2RC:DGS7MMzWQ/GK
imphash c301e859cfe6664c4d85c32c8fb1164d
File size 914.5 KB ( 936448 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library - Borland C/C++ (88.6%)
Windows Screen Saver (5.2%)
Win32 Dynamic Link Library (generic) (2.6%)
Win32 Executable (generic) (1.8%)
Generic Win/DOS Executable (0.8%)
Tags peexe
VirusTotal metadata
First submission 2012-10-06 00:12:44 UTC ( 1 year, 6 months ago )
Last submission 2014-04-14 13:17:47 UTC ( 4 days, 15 hours ago )
File names Yilkli.exe
Anmama.exe
file-4597954_exe
Tzfefx.exe
skype.exe
e621ca05.exq
Eokykc.exe
skype_05102012_image.exe-
Tzfefx (Kopie).exe
1349531804.98F74B530D4EBF6850C4BC193C558A98.exe
YFUHJDFYUGVKYFKFKV.exe
skype_05102012_image-1.exe
Zibabz.exe
skype_05102012_image.exe
Tzfefx.ex
smona_dbbf78cf454bed18ffd128cdefa2a22e0fe813e8f63548de5b495358c115a5cb.bin
Wbhahw.exe
skype_05102012_image.exe_
98f74b530d4ebf6850c4bc193c5
skype_05102012_image[1].exe
Yilolm.exe
Exbsbw.exe
98F74B530D4EBF6850C4BC193C558A98.bin
Xtvuvr.exe
98f74b530d4ebf6850c4bc193c558a98
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs