tafiaskype.exe

The executable tafiaskype.exe has been detected as malware by 7 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download1902.mediafire.com and multiple other hosts.

MD5: f95981c29a9e528d23a3e59b041ad42d

SHA-1: 2d2f501b34e1319b7a1c51796edcf19a7d1ac69c

SHA-256: fc8e028d0f42c8653f48971d77b53103db71988dedb51be2c1f4500dd75b4158

Scanner detections: 7 / 68

Status: Malware

Analysis date: 12/26/2024 5:17:35 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Drop.Agent.10547607 | 7.11.212.236 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-150720 |
| G Data | Win32.Trojan.Agent.EKCGRH | 15.7.25 |
| McAfee | Artemis!F95981C29A9E | 5600.6699 |
| Qihoo 360 Security | HEUR/QVM20.1.Malware.Gen | 1.0.0.1015 |
| VIPRE Antivirus | Trojan.Win32.Generic | 37988 |
| Zillya! Antivirus | Backdoor.DarkKomet.Win32.27243 | 2.0.0.2084 |

File size: 10.1 MB (10,547,607 bytes)

File type: Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp: 4/29/2014 3:43:03 PM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 2.50

CTPH (ssdeep): 196608:+9+Rsof4BCbRrrfj4BANGFYagSjUuYMCrX9XN27IoK2xdKFllzmf1T:+Osof4BIRrrfjpDuqfjp2vKnpmf5

Entry address: 0x1000

Entry point: 68, 18, 02, 00, 00, 68, 00, 00, 00, 00, 68, B4, AD, 46, 00, E8, 10, 91, 00, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, 0F, 91, 00, 00, A3, B8, AD, 46, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, FC, 90, 00, 00, A3, B4, AD, 46, 00, B8, 40, A7, 43, 00, A3, CC, AD, 46, 00, E8, 42, 86, 02, 00, E8, 70, 68, 02, 00, E8, B7, 64, 02, 00, E8, 0E, 63, 02, 00, E8, DB, 61, 02, 00, E8, C2, 58, 02, 00, E8, BB, 4A, 02, 00, E8, F6, 46, 02, 00, E8, D3, 2F, 02, 00, E8, D7, E9, 01, 00, E8, 39, B7, 01, 00...
 

Entropy: 7.9888

Packer / compiler: PKLITE32, 0x1.1

Code size: 194.5 KB (199,168 bytes)

The file tafiaskype.exe has been seen being distributed by the following 5 URLs.

http://download1902.mediafire.com/p1j7n3ro8kyg/.../TafiaSkype.exe
