home

skype_7.33.exe

Muf

Sivensys SRL

The executable skype_7.33.exe, “Muf Setup ” has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.funcentralnew.com and multiple other hosts.
Publisher:
Sivensys SRL  (signed and verified)

Product:
Muf

Description:
Muf Setup

Version:
3.1.3.0

MD5:
e00b67fdf38cc4ae9d829f42a4420eff

SHA-1:
0c84514fee431a5ccf99e53347ab43fd25db2b09

SHA-256:
38cf53cce00155e113841e653a31ecbb87829e0e47531d43d00137577957dc28

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/24/2024 2:02:04 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.2.22.10

File size:
1.2 MB (1,299,912 bytes)

Product version:
1.0.9

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\skype_7.33.exe

Digital Signature
Signed by:
Sivensys SRL

Authority:
GlobalSign nv-sa

Valid from:
10/20/2016 12:04:57 PM

Valid to:
10/21/2017 12:04:57 PM

Subject:
CN=Sivensys SRL, O=Sivensys SRL, L=IASI, C=RO

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
0D38E905F0B0BA5733036DFB

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9855

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file skype_7.33.exe has been seen being distributed by the following 8 URLs.

http://www.funcentralnew.com/dhssSstkASlyPKvhYbGdoHqBK YAP1bz8erVZZzbRXAagOS3Yugkj1ouCFqZGNkQMr7QHxH2Rl89emt2QzSmJA8ohc0KsJgUbHm5_ZBY4YAJecn0Mo4 c2ccwwaD4flYSjWt ELzOVw2t0eSBN8J2rAnZ810Bfy9oyMayDjRy5taJl1kl6tVni3Jhez4MTebarduH4JY2byD0jq46rbFkwYY5wWqKW4BkjUuvuB1cmFzL_hNThTavYhqkJADqlrftGBgQz75JBICmo2paNyTAqTERTXDzMArgv2RAiCG5RSD5K3CG1lvzqBPLcRDUtLyURxLxr cAYhgYQGN2DAYnpLY bNcE61A2eTMVrb2Z9LL5zusvbSIaFfzlPZU3gp8kRoHPiVzUNVkay5ZtGG3fWI4UwlHFXPmFyCj 5uPrB5ROqNRU5JBDdsSv1iiY7izdPajl5I5-GxQAAKRdxtretCCEFCKK5DqwG4Nvu_EA-e

http://www.funcentralnew.com/EDYtpwDRNTF1YYC1FajBIdZihPhs2rYkdyj5hm7uhKSpZQdjmQQIgtxcmjrj8fi2CG86CTOz2CpMfhsh8tfJv6uxp_RUsIPG3MBUoJeLAd2_Jshdk2uTLBMWbJ4jyq508iY7WHx_4q9QmEaMidNCB6VJTxrneaP_lsSelxT9DSDehvJRU8VQCV61h9L_MknbeaRBt BC8t9h8MFZ84iZtdCWHIC5WfyRaeNi2kJTI3oGoe5eUVuPBbUhQpLqaYX2vePW2savcUdmCNZv3KkixXlJl_0AHqM5DYrZOfwX1_3hebMqMEyDxJ8GtROBbHjvBRM5YzqbGofM4uhFn95NzPGAU5bFUY_iLZ13nraiNNlI3JR1FhpF5oL47T8RTHKy15P_FnX6BwgywMd8NVq6bdVF59_VvikfxEXcnIxiufLqF28TISe8sLPglLymPXmr_jJSzKms-GxQAAKRdxtretCCEFCKK5DqwG4Nvu_EA-e

http://www.funcentralnew.com/IsbpVt8VgcXbNOud3mbmMqS8KOXUwEqXh8NO8GsSoPgpYwKFODl7HdvYYrA0W0hsMsz_6WxirfmTAolHkCPWplkDrLRdHrppVTCT3umNSlzwUSL74tv5dhJMTRK7mnHO52aIADvWiU2rWhzjJHI4fm6AQ2RHo4JJfdIbxCOWac qSlmo8gDlcrilGYA0gh7J1KSiBLLCw0FgsJVPPJr543w tKLEwQ==-GxQAAKRdxtretCCEFCKK5DqwG4Nvu_EA

http://www.funcentralnew.com/NO_e9Fnh5 j lib ZD8nKNGzcyIwxmpcGScT_9mr_5qLt ywHVIeQcPrcwJCa Cg4gCenZfO2cw32RFxqggiAIUg06Srgu3Lxbx5FlZJrfWO8MV_Q9qtR_u6c4s8tiyGt5k MD3ZMppyGLlf7TwY3dAamE4NuxQti_CMLYhRkEQAgxbMv4VQqFRmLZPCnfew1pYbY1DfZHYVKJg9pSsmnu8hhlFoM_zEYRgfB6lyUJql_La3_2P36hPDi6uSGQBkDgD7DB1bUyqmpkxyTDVs8nuiS_ LX2fbagZm2gOpe83t5l zRq0hB1Mbk7Jhenv9cOc_59iO2WMXDSMzAMosqX2 s2BI1ZGz_Vn2VViXM16O8Bbpsq_MI9iYmQLD8WYoFdGuNLrGrHP07sqcNmq 626SjIWZhVmxAvMKfvKwjGW4G_BYqtOkVQCAvneTrBZsMTCMPd1s-GxQAAKRdxtretCCEFCKK5DqwG4Nvu_EA-e

http://www.funcentralnew.com/a QMqoZRBah9PHnm_M jq1iEIxWT1qd43INS92WcuKEu2n kLIwja00Yfe45eveSaI7zrRvsfU6rS8O_qDeaHqHF87z7qHy1Z2N_qtfCHm09o3ZAmWHN039LQQZqtfUkOC3hsYmAyDAmSE5catX6JsZYwrduPVN9g5yWAZNZnwxC5i8B1KHa3AW knayYe3AsR1aGfSvK6r9Yo951pQuz8quZMTKkeSvxv5ubKqCdvQTEf07RE5cxLs SNR2SsoSJoRWar0XJ9cn_j6KQc2u_Kt1GxFmsuNeJhcLgyhg8o5Khz16tLJD0ihGsoNWkP7gezQBPqB6zCNlYB8hoSJuR69hHUUdYCEl43aLMc6_2ZEHqAJFDnnrm9SumsPrr0miN0Sh2tUN5uE S62SV2b8espYuFUVvwaMwJA84m7oXYCTNRPiJPSolhKFLgMkvlXbw3a3pxgt-GxQAAKRdxtretCCEFCKK5DqwG4Nvu_EA-e

http://www.funcentralnew.com/1I 8ydssTeSSVoNCyZXayFFxnxGn2pNCATbVf6AvbeB7F45FtzUwzDaWAbsJso5SlG7vXP Xm1vaK3sgxA0gTM4rTdFXpd4 Jktq8jgqkDcwfljdcYggLqGpwvjxGO98GVHCuCXnrOW6O6JRTqI6h45CAf9PGGtmWFUzMn6M334DApOIRXFtBY1Xdt49pRyg4O3xYG3v9JuVRilvPacXGiGH3REkQ117VHuH8Z4vn7r026XaHnlUhp9 I hCgo1Z3pXf2Jues DGB g uvxaJVZxnw8qOAUpOo25VJtszSqdWl8xRIBvmuwN8s4aE7KYcQprd9kMrIZt9_oqiRfku_Lj91iezwKPUPiIkdRY5uBkIF3lgYS1ov8JhmeHq2KPdAYQjkpByp6W lsH9dZu0F02dQUH1H_C26lvzHHwEugPdNQnM9NSilr6TgVCNsKSQ6KcmKIT-GxQAAKRdxtretCCEFCKK5DqwG4Nvu_EA-e

http://www.funcentralnew.com/g1IOldo1XOXPLnVGxif7u0 I3iR_wPsyRVF_rg6M_fL3YeB7 1OqAYTR52FHEdkUH4gf nMx3MBaaiwLeMGMOUcf7hwAKDXr0pwCgkIQYubzjEDVdb_Ivm4EFq llKCy9l1r8X XETqFw_0Gx6vFtkQ2UJrl5cPcaiJimKJhmQ4vkGdaCyHf5Mw4ZL4UQLqEjsvKp06nw7oES0y5e1AjH_g jMg8IQ==-GxQAAKRdxtretCCEFCKK5DqwG4Nvu_EA

http://www.funcentralnew.com/bKioQ5GT4MqFwLpG1LM9yYyTKfJ6lkNCfM_8WiSfDS1GPapzlS4CZW68QHWb05rTT32BKkBXwo6uVmk0krkEEl0ZxIldLAOTGumADdpJwXmqdnOqKZAASxDrSzsgloWV8xZoo0sVe2O9Nsam9StOulPtHlr_6IuQhzM8FvnSpAeeVq8KxdPX1x5Jf_XAJHMVFUmxGtj9848MvsZpTN914U6qwtANj9cuH2q233wctNb5oOMYs5G4tsg5JXdG1KfrgyXZSAamWAwnBilT807G X9RyXnijsxqNCrWE35auSOiL5fnI0NagRCRC4zyojgGr8PorWlhTlCzINrzjmtpz3rwEXKthZPTIvJD0av8Oj NxO2TE4DdI4p8uBYN6Z9HW3Bu8EcUF12Lbb2g2kR6BiUyy_at4I4zwIbKCDGSRbxYM6wHxqzMFKEFkEBXvfy0pvOnSwSD-GxQAAKRdxtretCCEFCKK5DqwG4Nvu_EA-e

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-214-247-42.eu-west-1.compute.amazonaws.com  (52.214.247.42:80)

TCP (HTTP):
Connects to ec2-54-154-109-8.eu-west-1.compute.amazonaws.com  (54.154.109.8:80)

TCP (HTTP):
Connects to ec2-176-34-130-130.eu-west-1.compute.amazonaws.com  (176.34.130.130:80)

TCP (HTTP SSL):
Connects to generic.external.zlb.scl3.mozilla.com  (63.245.213.12:443)

TCP (HTTP):
Connects to ec2-54-154-190-87.eu-west-1.compute.amazonaws.com  (54.154.190.87:80)

TCP (HTTP):
Connects to ec2-52-50-196-247.eu-west-1.compute.amazonaws.com  (52.50.196.247:80)

TCP (HTTP):
Connects to ec2-52-30-226-196.eu-west-1.compute.amazonaws.com  (52.30.226.196:80)

TCP (HTTP):
Connects to ec2-52-30-150-214.eu-west-1.compute.amazonaws.com  (52.30.150.214:80)

TCP (HTTP):
Connects to ec2-52-208-40-227.eu-west-1.compute.amazonaws.com  (52.208.40.227:80)

TCP (HTTP):
Connects to 50.115.122.45.static.westdc.net  (50.115.122.45:80)

TCP (HTTP):
Connects to ec2-54-154-229-88.eu-west-1.compute.amazonaws.com  (54.154.229.88:80)

TCP (HTTP):
Connects to server-54-192-159-241.sin3.r.cloudfront.net  (54.192.159.241:80)

TCP (HTTP):
Connects to server-52-85-173-58.fra6.r.cloudfront.net  (52.85.173.58:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.82.42:80)

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (199.58.87.155:80)

TCP (HTTP):
Connects to ec2-54-213-173-59.us-west-2.compute.amazonaws.com  (54.213.173.59:80)

TCP (HTTP):
Connects to ec2-54-191-59-48.us-west-2.compute.amazonaws.com  (54.191.59.48:80)

TCP (HTTP):
Connects to ec2-52-49-170-39.eu-west-1.compute.amazonaws.com  (52.49.170.39:80)

TCP (HTTP):
Connects to 92b91b35.rdns.100tb.com  (146.185.27.53:80)

TCP (HTTP):
Connects to 10gbps.io  (185.59.222.146:80)

Remove skype_7.33.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.