SkypeSetup.exe

Skype

Skype Technologies S.A.

The executable SkypeSetup.exe has been detected as malware by 11 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from skype.fr.softonic.com.
Publisher:
Skype Technologies S.A.

Product:
Skype

Description:
Skype

Version:
7.21.0.100

MD5:
04dd6192809bcfc0c2a2634df2c084f0

SHA-1:
a23ca68941a4d58f16b297d14850feb582cd825d

SHA-256:
4ca46f57f04b95f03e6c032a0c39ea6de8397ad6a359c5061072c4d426b14f89

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/16/2024 11:23:48 PM UTC

Scan engine                     Detection                 Engine version
avast!                          Win32:SaliCode            160327-1
AVG                             Win32/Sality              2015.0.4542
Dr.Web                          Win32.Sector.30           9.0.1.05190
Emsisoft Anti-Malware           Win32.Sality              11.5.0.6191
ESET NOD32                      Win32/Sality.NBA virus    7.0.302.0
F-Prot                          W32/Sality.gen2           4.6.5.141
Kaspersky                       Virus.Win32.Sality        15.0.0.562
McAfee                          Virus.W32/Sality.gen.z    18.0.204.0
Microsoft Security Essentials   Threat.Undefined          1.215.3088.0
VIPRE Antivirus                 Threat.4721115            48090

File size:
1.5 MB (1,584,256 bytes)

Product version:
7.21

Copyright:
(c) Skype Technologies S.A.

Original file name:
SkypeSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\documents and settings\administrateur\mes documents\downloads\skypesetup.exe

File PE Metadata
Compilation timestamp:
3/1/2016 8:32:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:sqVMq2j7V+Yr/DYQWWJS4JMuhwi6uwVVBZDSQN3iOHU5OlfGyRi93Z:sqVTW7VXUdQZKkc3VBZ+Qkvgf0Z

Entry address:
0x2E3DF0

Entry point:
09, C6, 0F, AF, F3, 3C, 09, 42, F6, C3, E1, C6, C2, F0, 80, E5, 6D, 85, D5, 56, 68, 24, 99, E8, 00, 0F, AF, D9, F7, C5, 5C, D7, 7B, D1, 0F, B6, DF, 85, EF, 69, C3, B5, 5E, F7, 7E, E8, 1D, 00, 00, 00, 89, EB, 0F, AF, EB, 0F, AF, F7, 89, C8, FE, C0, 73, 04, 86, E0, 8B, D7, 81, EF, 6E, 3A, 00, 00, F2, 19, CA, B1, 9D, F7, C5, 9B, 11, F3, 06, 0F, BF, E9, F2, 80, C7, A6, C6, C4, 39, F3, 87, D9, 85, C7, 86, E3, 55, F2, 5E, FE, CF, 8D, 2D, D1, AF, DE, 45, 81, C8, 0A, F4, 44, 66, 33, D6, 81, FE, 21, 6D, 00, 00, 74...

Code size:
1.1 MB (1,187,840 bytes)

The file SkypeSetup.exe has been seen being distributed by the following URL.
