SHA256: d54cb7d5f01e4d2e34b15b08581aef3e8cf5d2b6a233017d75a80c9fbdae1be0
File name: SkypeSetupFull_proga.kz.exe
Detection ratio: 1 / 53
Analysis date: 2014-12-23 16:44:38 UTC (3 years, 9 months ago)
Antivirus Result Update date
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20141223
Ad-Aware 20141223
AegisLab 20141223
Yandex 20141222
AhnLab-V3 20141223
ALYac 20141223
Antiy-AVL 20141223
Avast 20141223
AVG 20141223
Avira (no cloud) 20141223
Baidu-International 20141223
BitDefender 20141223
Bkav 20141223
ByteHero 20141223
CAT-QuickHeal 20141223
ClamAV 20141223
CMC 20141218
Comodo 20141223
Cyren 20141223
DrWeb 20141223
Emsisoft 20141223
ESET-NOD32 20141223
F-Prot 20141223
F-Secure 20141223
Fortinet 20141223
GData 20141223
Ikarus 20141223
Jiangmin 20141222
K7AntiVirus 20141223
K7GW 20141223
Kaspersky 20141223
Kingsoft 20141223
Malwarebytes 20141223
McAfee 20141223
McAfee-GW-Edition 20141223
Microsoft 20141223
eScan 20141223
NANO-Antivirus 20141223
Norman 20141223
nProtect 20141223
Panda 20141223
Qihoo-360 20141223
Sophos AV 20141223
SUPERAntiSpyware 20141223
Symantec 20141223
Tencent 20141223
TheHacker 20141222
TotalDefense 20141223
TrendMicro 20141223
TrendMicro-HouseCall 20141223
VBA32 20141223
VIPRE 20141223
ViRobot 20141223
Zillya 20141223
Zoner 20141223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
(c) Skype Technologies S.A.

Product Skype
Original name SkypeSetup.exe
Internal name SkypeSetup.exe
File version 7.0.0.102
Description Skype
Signature verification Signed file, verified signature
Signing date 12:34 PM 12/11/2014
Signers
[+] Skype Software Sarl
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 9:30 PM 5/14/2014
Valid to 9:30 PM 8/14/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 47DFD0F96F7E0EFB6199DEC35C7B8EFEB93040A4
Serial number 33 00 00 00 CE 0C BE EA B1 28 23 24 42 00 01 00 00 00 CE
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 8/31/2010
Valid to 11:29 PM 8/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 6:13 PM 5/23/2014
Valid to 6:13 PM 8/23/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ED88561AED183D68841DB59DADE00227E57CA234
Serial number 33 00 00 00 59 D6 73 CD 51 8E F0 22 C5 00 00 00 00 00 59
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-11 11:30:29
Entry Point 0x02ED1380
Number of sections 3
PE sections
Overlays
MD5 def5dbe859f091e059d82bbe7fa75696
File type data
Offset 44828160
Size 15968
Entropy 7.44
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ImageList_Add
CryptMsgClose
SetLayout
AlphaBlend
IsEqualGUID
LresultFromObject
VariantCopy
SHGetMalloc
VerQueryValueW
InternetOpenW
OpenPrinterW
WinVerifyTrust
Number of PE resources by type
LANGZIP 38
RT_RCDATA 31
RT_BITMAP 21
RT_STRING 20
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_ICON 5
MSIZIP 2
RT_MANIFEST 1
BINGCHECKER 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 110
NEUTRAL 25
PE resources
ExifTool file metadata
UninitializedDataSize
4562944

LinkerVersion
2.25

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.0.0.102

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Skype

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Windows, Latin1

InitializedDataSize
303104

EntryPoint
0x2ed1380

BuildTime
12/11/2014 11:30:18 AM

OriginalFileName
SkypeSetup.exe

MIMEType
application/octet-stream

LegalCopyright
(c) Skype Technologies S.A.

FileVersion
7.0.0.102

TimeStamp
2014:12:11 12:30:29+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
SkypeSetup.exe

ProductVersion
7.0

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Skype Technologies S.A.

CodeSize
44527616

ProductName
Skype

ProductVersionNumber
7.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
Compressed bundles
File identification
MD5 9a3c172f6f597c1076a66987262a6038
SHA1 1c29548ce14ac1e8762727190628eab4cfe2096c
SHA256 d54cb7d5f01e4d2e34b15b08581aef3e8cf5d2b6a233017d75a80c9fbdae1be0
ssdeep
786432:5J5VP8jaAEGUrzeqBwFng9jFdZ6sh+/0JljeenSNm0W8ttwV93oDbnWT:a3UuqW698shO0rjMNnq92CT

authentihash 21b7da5106d67a0e5dc975247211b0de3f34f438b504ef7e7c115a6cb8c586b8
imphash 802e2b841d5067d49b802287da1fcb1d
File size 42.8 MB (44844128 bytes)
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.1%)
Win32 EXE Yoda's Crypter (41.4%)
Win32 Executable (generic) (7.0%)
OS/2 Executable (generic) (3.1%)
Generic Win/DOS Executable (3.1%)
Tags
peexe signed upx overlay

VirusTotal metadata
First submission 2014-12-12 15:02:13 UTC (3 years, 9 months ago)
Last submission 2018-05-17 18:29:53 UTC (4 months, 1 week ago)
File names SkypeSetup.exe
bite90a.tmp
bit7814.tmp
bit8543.tmp
bit8c7d.tmp
bite4ca.tmp
bit48cb.tmp
bitf3a0.tmp
bit953b.tmp
bit454a.tmp
bitaf47.tmp
bit5422.tmp
bit72b.tmp
Skype v7.0.59.102.exe
bit598f.tmp
bit16b8.tmp
bitad1c.tmp
bita27c.tmp
bitb221.tmp
Skype_Rus_Full_Setup [1].exe
bitf15c.tmp
bit5e69.tmp
bit78f0.tmp
bitf8ad.tmp
bitf6f.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection
