skypec2cautoupdatesvc.exe

Skype Click to Call

Microsoft Corporation

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The executable skypec2cautoupdatesvc.exe (description: “Updates Skype Click to Call”) has been detected as malware by 12 anti-virus scanners. It runs as a Windows service named “Skype Click to Call Updater”, within the context of its own process.

Publisher:
Microsoft Corporation  (signed and verified)

Product:
Skype Click to Call

Description:
Updates Skype Click to Call

Version:
7.2.15747.10003

MD5:
4f87a31db7fa999cf647fd5a1e68f825

SHA-1:
0424163af2bf669ba647743d2a17e33557fc68b6

SHA-256:
44d310e6452de434da6d77e60adf37315a60cd94a024b3a6308ab29bc26dba61

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
12/25/2024 11:57:04 AM UTC

Scan engine                     Detection                         Engine version
avast!                          Win32:Pioneer-C                   160518-2
AVG                             Win32/Floxif                      2015.0.4591
Dr.Web                          Win32.FloodFix.7                  9.0.1.05190
Emsisoft Anti-Malware           Win32.Floxif                      11.5.0.6191
ESET NOD32                      Win32/Floxif.H virus              7.0.302.0
F-Prot                          W32/Floxif.B                      4.6.5.141
F-Secure                        Win32.Floxif.A                    5.15.96
Kaspersky                       Virus.Win32.Pioneer               15.0.0.562
McAfee                          Trojan.Dropper-FIY!4F87A31DB7FA   18.0.204.0
Microsoft Security Essentials   Threat.Undefined                  1.223.934.0
Norman                          Win32.Floxif.A                    28.05.2016 15:32:18
Sophos                          Virus 'W32/Floxif-C'              5.23

File size:
1.4 MB (1,468,999 bytes)

Product version:
7.2.15747.10003

Copyright:
(c) Microsoft Corporation. All rights reserved.

Original file name:
AutoUpdateSvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe

Digital Signature

Authority:
Microsoft Corporation

Valid from:
3/13/2013 8:31:10 PM

Valid to:
6/13/2014 8:31:10 PM

Subject:
CN=Skype Software Sarl, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000BAC6104032D6DD18900001000000BA

File PE Metadata

Compilation timestamp:
4/12/2014 2:36:37 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
24576:ppnWfk2vlpMflJ7fs3TNwSJHceiUJ2tB2SmMhljC1VnorEH7O:YpM37fu3S1hljC19G

Entry address:
0x6B2BC

Entropy:
6.4806

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1008 KB (1,032,192 bytes)

Service

Display name:
Skype Click to Call Updater

Service name:
c2cautoupdatesvc

Description:
Downloads and installs product updates.

Type:
Win32OwnProcess

Depends on:
RpcSs

