skypec2cpnrsvc.exe

Skype Click to Call

Microsoft Corporation

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The executable skypec2cpnrsvc.exe, “Phone Number Recognition (PNR) module” has been detected as malware by 10 anti-virus scanners. It runs as a separate (within the context of its own process) windows Service named “Skype Click to Call PNR Service”.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Skype Click to Call

Description:
Phone Number Recognition (PNR) module

Version:
7.2.15747.10003

MD5:
ca7600cbad9249c7d065930ce397fa61

SHA-1:
c647d2d3540296d59d5eb26e2f03122da616f007

SHA-256:
8c526f48f677c80b4e13d7952c7f5357941ff7d786a4b0d544d0910633c5c6fc

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
12/25/2024 12:24:27 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Pioneer-C
160503-1

AVG
Win32/Floxif
2015.0.4604

Dr.Web
Win32.FloodFix.7
9.0.1.05190

Emsisoft Anti-Malware
Win32.Floxif
11.5.0.6191

ESET NOD32
Win32/Floxif.H virus
8.0.319.0

F-Prot
W32/Floxif.B
4.6.5.141

Kaspersky
Virus.Win32.Pioneer
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.225.469.0

Norman
Win32.Floxif.A
28.05.2016 13:03:37

VIPRE Antivirus
Threat.4760052
50318

File size:
1.8 MB (1,843,271 bytes)

Product version:
7.2.15747.10003

Copyright:
(c) Microsoft Corporation. All rights reserved.

Original file name:
PNRSvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\skype\toolbars\pnrsvc\skypec2cpnrsvc.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
3/13/2013 8:31:10 PM

Valid to:
6/13/2014 8:31:10 PM

Subject:
CN=Skype Software Sarl, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000BAC6104032D6DD18900001000000BA

File PE Metadata
Compilation timestamp:
4/11/2014 11:37:09 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
24576:AeaC7VOK5eEagteQPb4Udp0ftuVFsfdPOSIbQJlLtt2J/eiV+X5/zNRArEH7g:RKQPbMP2AJ1ttm/ef5Rg

Entry address:
0x81FBC

Entry point:
E9, 4D, 29, 04, 00, E9, 35, FE, FF, FF, 55, 8B, EC, B8, FF, FF, 00, 00, 83, EC, 14, 66, 39, 45, 08, 0F, 84, 9B, 00, 00, 00, 56, FF, 75, 0C, 8D, 4D, EC, E8, FD, FB, FF, FF, 8B, 75, EC, 8B, 86, A8, 00, 00, 00, 85, C0, 75, 18, 8B, 4D, 08, 8D, 41, BF, 66, 83, F8, 19, 77, 04, 66, 83, C1, 20, 0F, B7, C1, 0F, B7, C0, EB, 1F, BA, 00, 01, 00, 00, 6A, 01, 66, 39, 55, 08, 73, 2A, FF, 75, 08, E8, C9, 34, 00, 00, 59, 59, 85, C0, 75, 09, 0F, B7, 45, 08, 0F, B7, C0, EB, 0E, 0F, B7, 4D, 08, 8B, 86, 94, 00, 00, 00, 0F, B6...
 
[+]

Entropy:
6.4462

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1.1 MB (1,153,536 bytes)

Service
Display name:
Skype Click to Call PNR Service

Service name:
c2cpnrsvc

Description:
Provides phone number recognition services.

Type:
Win32OwnProcess

Depends on:
RpcSs


Remove skypec2cpnrsvc.exe - Powered by Reason Core Security