VirusTotal
SHA256: 51100553d15597e9d0ca98aa0f3be3ab5a49c0ca10808456b7a92884296e1b68
SHA1: abfb848dfbc729ebf9e25b0ed13886ff668b43fc
MD5: e8e2ba08f9aff27eed45daa8dbde6159
File size: 925.0 KB ( 947200 bytes )
File name: skype_06102012_image.exe
File type: Win32 EXE
Tags: peexe
Detection ratio: 3 / 33
Analysis date: 2012-10-07 16:35:32 UTC ( 4 minutes ago )
Antivirus Result Update
MicroWorld-eScan - 20121005
nProtect - 20121005
CAT-QuickHeal - 20121004
McAfee - 20121005
TheHacker - 20121005
K7AntiVirus - 20121005
F-Prot - 20121005
ESET-NOD32 - 20121005
TrendMicro-HouseCall - 20121005
Avast - 20121005
ClamAV - 20121005
BitDefender - 20121005
SUPERAntiSpyware - 20120911
Emsisoft - 20120919
Comodo - 20121005
VIPRE Backdoor.Win32.Hupigon (v) 20121005
McAfee-GW-Edition - 20121005
Sophos - 20121005
Jiangmin - 20121004
Antiy-AVL - 20121004
Kingsoft - 20120925
Microsoft - 20121005
ViRobot - 20121005
AhnLab-V3 Trojan/Win32.Ransomlock 20121005
GData - 20121005
Commtouch - 20121005
TotalDefense - 20121004
VBA32 - 20121005
PCTools - 20121005
Rising - 20120928
Ikarus - 20121005
Fortinet - 20121005
Panda Trj/CI.A 20121005
ssdeep
12288:mLS73cMzWQ/zDSUZmU888888888888W888888888883VR2mzA8:uS7MMzWQ/cL8
TrID
Win32 Dynamic Link Library - Borland C/C++ (91.6%)
Win32 Executable Generic (3.5%)
Win32 Dynamic Link Library (generic) (3.1%)
Generic Win/DOS Executable (0.8%)
DOS Executable Generic (0.8%)
ExifTool
SubsystemVersion.........: 4.0
InitializedDataSize......: 914432
ImageVersion.............: 0.0
ProductName..............: Skype
FileVersionNumber........: 5.10.0.116
UninitializedDataSize....: 0
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x003f
CharacterSet.............: Windows, Latin1
LinkerVersion............: 5.0
OriginalFilename.........: Skype.exe
FileType.................: Win32 EXE
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
ResourcesEditedWith......: Restorator 2007 Trial
FileVersion..............: 5.10.0.116
TimeStamp................: 2012:10:06 18:15:19+01:00
BuildTime................: 7/13/2012 1:28:41 PM
PEType...................: PE32
InternalName.............: Skype.exe
ProductVersion...........: 5.1
FileDescription..........: Skype
OSVersion................: 4.0
FileOS...................: Win32
LegalCopyright...........: (c) Skype Technologies S.A.
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Skype Technologies S.A.
ResourceEditorWWW........: http://www.bome.com/Restorator/
CodeSize.................: 32768
FileSubtype..............: 0
ProductVersionNumber.....: 5.10.0.0
EntryPoint...............: 0x1000
ObjectFileType...........: Executable application
Sigcheck
publisher................: Skype Technologies S.A.
product..................: Skype
internal name............: Skype.exe
copyright................: (c) Skype Technologies S.A.
original name............: Skype.exe
file version.............: 5.10.0.116
description..............: Skype
Portable Executable structural information
Compilation timedatestamp.....: 2012-10-06 17:15:19
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00001000

PE Sections...................:

Name        Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text                  4096         32768     31232     6.56  3ede828933f0c40296876fb6083cc779
.data                 36864         16384     11264     5.18  17fa7e47e7b5421fe4a6ef970a0f742e
.tls                  53248          4096       512     0.00  bf619eac0cdf3f68d496ea9344137e8b
.rdata                57344          4096       512     0.20  2ec3a2ad62476ef348c9d7e411ee6a4b
.idata                61440          4096      1536     3.61  821019417fb5258157c4d8047a8d1d4f
.edata                65536          4096       512     1.29  1334f80bc02f32645826289175b2cd45
.rsrc                 69632        901120    898048     4.96  0d0e53a2219e1cc230e2071d87a0ff26
.reloc               970752          4096      2048     6.47  815594d246d5ca9455a755037f7ba096

PE Imports....................:

[[KERNEL32.DLL]]
GetLastError, HeapFree, GetStdHandle, SetHandleCount, GetOEMCP, ExitProcess, TlsAlloc, GetVersionExA, GetModuleFileNameA, RtlUnwind, LoadLibraryA, GetLocalTime, GetStartupInfoA, GetEnvironmentStrings, SetConsoleCtrlHandler, UnhandledExceptionFilter, GetCommandLineA, GetProcAddress, GetProcessHeap, SetFilePointer, RaiseException, GetCPInfo, TlsFree, GetModuleHandleA, WriteFile, CloseHandle, GetACP, GetStringTypeW, GetCurrentThreadId, GlobalMemoryStatus, VirtualFree, TlsGetValue, GetFileType, TlsSetValue, CreateFileA, HeapAlloc, GetVersion, VirtualAlloc

[[USER32.DLL]]
AnimateWindow, wsprintfA, MessageBoxA, EnumThreadWindows


PE Exports....................:

__GetExceptDLLinfo, ___CPPdebugHook

PE Resources..................:

Resource type            Number of resources
RT_ICON                  34
RT_STRING                17
RT_GROUP_ICON            10
RT_GROUP_CURSOR          7
RT_CURSOR                7
RT_RCDATA                5
TYPELIB                  1
RT_MANIFEST              1
Struct(45)               1
RT_VERSION               1

Resource language        Number of resources
ENGLISH US               64
NEUTRAL                  19
ENGLISH EIRE             1
Symantec Reputation
Suspicious.Insight
F-Secure Deepguard
Suspicious:W32/Malware!Online
ClamAV PUA Engine
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/support/faq/pua.
First seen by VirusTotal
2012-10-06 17:46:44 UTC ( 22 hours, 53 minutes ago )
Last seen by VirusTotal
2012-10-07 16:37:52 UTC ( 2 minutes ago )
File names (max. 25)
  1. file-4601133_exe
  2. skype_06102012_image.exe
  3. skype_06102012_image.exe.dat
  4. skype_06102012_image.e-x-e
  5. skype_06102012_image[1].exe
  6. Skype.exe
  7. 1349619948.skype_06102012_image.exe
  8. skype_06102012_image.e
  9. Ihgugc.exe

The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.

Process activity

Created processes...
C:\51100553d15597e9d0ca98aa0f3be3ab5a49c0ca10808456b7a92884296e1b68 (successful)
Code injections in the following processes...
51100553d15597e9d0ca98aa0f3be3ab5a49c0ca10808456b7a92884296e1b68 (failed)

Mutex activity

Opened mutexes...
ShimCacheMutex (successful)

Runtime DLLs

user32 (successful)
advapi32.dll (successful)
ntdll (successful)