skypeserver.exe

Cobind

The executable skypeserver.exe has been detected as malware by 5 anti-virus scanners. It is launched by a Windows Task Scheduler task named 445225421214565612, which is triggered each time a user logs in.
Publisher:
Cobind  (signed and verified)

MD5:
74b43d1b44f54bc18b9f4c1112118a7e

SHA-1:
7adf2fa40c6d5dca03b97c6ac1a2b79480db1935

SHA-256:
96533d41df07dde9a2e44e22a6293685813b71bb4ec5e8b20bdbbf8a36e29a83

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
11/27/2024 7:35:10 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Evo-gen [Susp] | 160807-0 |
| Dr.Web | Detection.Undefined | 9.0.1.05190 |
| ESET NOD32 | MSIL/Injector.PZX trojan | 6.3 |
| F-Secure | Trojan.GenericKD.3464934 | 5.15.96 |
| McAfee | Trojan.Trojan-FJJW!74B43D1B44F5 | 18.0.204.0 |

File size:
729.4 KB (746,912 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\skypeserver.exe

Digital Signature
Signed by:

Authority:
Cobind

Valid from:
8/5/2016 9:36:03 AM

Valid to:
8/3/2026 9:36:03 AM

Subject:
E=admin@cobind.com, CN=cobind.com, OU=Ques Unit, O=Cobind, L=New York City, S=New York, C=US

Issuer:
E=admin@cobind.com, CN=cobind.com, OU=Ques Unit, O=Cobind, L=New York City, S=New York, C=US

Serial number:
00ABF3127C9761E782

File PE Metadata
Compilation timestamp:
8/5/2016 6:06:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:/GBWEQdUn7wJbRbasauqzIx3Vy8Aub9fAf8/uuoUml+pP02ZnxQBmQ+/:+BWndi7w9hasaJC/S82UBp5xQG

Entry address:
0x5960E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.6460

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
352 KB (360,448 bytes)

Scheduled Task
Task name:
445225421214565612

Path:
\Update\445225421214565612

Trigger:
Logon (Runs on logon)

