skypec2cautoupdatesvc.exe

Skype Click to Call

Microsoft Corporation

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The executable skypec2cautoupdatesvc.exe, “Updates Skype Click to Call” has been detected as malware by 10 anti-virus scanners. It runs as a separate (within the context of its own process) windows Service named “Skype Click to Call Updater”.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Skype Click to Call

Description:
Updates Skype Click to Call

Version:
7.2.15747.10003

MD5:
bfa98c1c3173d0664566dbf059e82b26

SHA-1:
386f886f94867e4007c20087f57927bf30e0d6ac

SHA-256:
8976b6b0354665e88355992701e296f6b2dd38e9f9595f79fa9fa743e2f65440

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
12/25/2024 12:15:19 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Pioneer-C
160414-2

AVG
Win32/Floxif
2015.0.4604

Dr.Web
Win32.FloodFix.7
9.0.1.05190

Emsisoft Anti-Malware
Win32.Floxif
11.5.0.6191

ESET NOD32
Win32/Floxif.H virus
7.0.302.0

F-Prot
W32/Floxif.B
4.6.5.141

F-Secure
Win32.Floxif.A
5.15.96

Kaspersky
Virus.Win32.Pioneer
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.225.531.0

Norman
Win32.Floxif.A
28.05.2016 15:32:18

File size:
1.4 MB (1,468,999 bytes)

Product version:
7.2.15747.10003

Copyright:
(c) Microsoft Corporation. All rights reserved.

Original file name:
AutoUpdateSvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
3/13/2013 8:31:10 PM

Valid to:
6/13/2014 8:31:10 PM

Subject:
CN=Skype Software Sarl, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000BAC6104032D6DD18900001000000BA

File PE Metadata
Compilation timestamp:
4/11/2014 11:36:37 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
24576:ppnWfI2vlpMflJ7fs3nNwSJHceiU32tB2SmMhljC1VnorEH7f:opM37f2pS1hljC19n

Entry address:
0x6B2BC

Entry point:
E9, 08, 4B, 04, 00, E9, 35, FE, FF, FF, 55, 8B, EC, A1, 98, 6E, 53, 00, 85, C0, 75, 1D, E8, 37, E9, 00, 00, 6A, 1E, E8, 8D, E9, 00, 00, 68, FF, 00, 00, 00, E8, 82, EE, 00, 00, A1, 98, 6E, 53, 00, 59, 59, 8B, 4D, 08, 85, C9, 75, 01, 41, 51, 6A, 00, 50, FF, 15, A0, D1, 4F, 00, 5D, C3, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 77, 6F, 53, 57, A1, 98, 6E, 53, 00, 85, C0, 75, 1D, E8, EF, E8, 00, 00, 6A, 1E, E8, 45, E9, 00, 00, 68, FF, 00, 00, 00, E8, 3A, EE, 00, 00, A1, 98, 6E, 53, 00, 59, 59, 85, F6, 74, 04, 8B...
 
[+]

Entropy:
6.4770

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1008 KB (1,032,192 bytes)

Service
Display name:
Skype Click to Call Updater

Service name:
c2cautoupdatesvc

Description:
Downloads and installs product updates.

Type:
Win32OwnProcess

Depends on:
RpcSs


Remove skypec2cautoupdatesvc.exe - Powered by Reason Core Security