» skype.dat
Overview
Analysis
File Details

skype.dat

The file skype.dat has been detected as a potentially unwanted program by 31 anti-malware scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

File name:

skype.dat

MD5:

f16f58879f2e09ff73ad2188418a8a9e

SHA-1:

ca58395f4e2d8d4edca8ab60a12a681ed12cd1aa

SHA-256:

24e46608ba94c62dca1c60d2678430ae55ca38a1013982d58c5cd95351382ab3

Scanner detections:

31 / 68

Status:

Potentially unwanted

Analysis date:

4/16/2024 5:45:16 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Trojan/Win32.Xema

2013.07.28

Avira AntiVirus

TR/MalCrypt.JH.3

7.11.93.86

avast!

Win32:LockScreen-AAX [Trj]

2014.9-160201

AVG

Cryptic

2017.0.2846

Bitdefender

Trojan.GenericKDZ.22604

1.0.20.160

Comodo Security

UnclassifiedMalware

16663

Dr.Web

Trojan.Packed.24465

9.0.1.032

Emsisoft Anti-Malware

Trojan.GenericKDZ.22604

8.16.02.01.05

ESET NOD32

Win32/Kryptik.BEUG (variant)

10.8617

Fortinet FortiGate

W32/Zbot.NUP!tr

2/1/2016

F-Prot

W32/FakeAlert.ZO.gen

v6.4.7.1.166

F-Secure

Trojan.GenericKDZ.22604

11.2016-01-02_2

G Data

Trojan.GenericKDZ.22604

16.2.22

IKARUS anti.virus

Trojan.Win32.FakeAlert

t3scan.2.0.3.0

K7 AntiVirus

Trojan

13.170.9117

Kaspersky

Trojan-Ransom.Win32.Foreign

14.0.0.726

Malwarebytes

Trojan.Agent.rf2

v2016.02.01.05

McAfee

BackDoor-FJW

5600.6502

Microsoft Security Essentials

Trojan:Win32/Urausy.C

1.163.1557.0

MicroWorld eScan

Trojan.GenericKDZ.22604

17.0.0.96

NANO AntiVirus

Trojan.Win32.Foreign.bwzcck

0.24.0.53571

Norman

Kryptik.CBZQ

11.20160201

Panda Antivirus

Adware/SystemTool

16.02.01.05

Quick Heal

TrojanPWS.Zbot.Gen

2.16.12.00

Rising Antivirus

Trojan.Agent!5567

23.00.65.16130

Sophos

Troj/Agent-ACJB

4.91

SUPERAntiSpyware

Trojan.Agent/Gen-Graftor

9350

Trend Micro House Call

TROJ_URAUSY.SM

7.2.32

Trend Micro

TROJ_URAUSY.SM

10.465.01

Vba32 AntiVirus

Malware-Cryptor.Hlux.2613

3.12.22.2

VIPRE Antivirus

VirTool.Win32.Obfuscator.da!n

19936

File size:

64.5 KB (66,048 bytes)

Common path:

C:\users\{user}\appdata\roaming\skype.dat

File PE Metadata

Compilation timestamp:

9/6/2006 12:51:38 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

0.255

CTPH (ssdeep):

1536:hzQBECSvjzsky6XoSpfcq173Lzox5dLOT:hzQBJSvjIPUfJox

Entry address:

0x1AF6

Entry point:

33, F6, 8B, 35, 5C, 20, 40, 00, 68, 00, 60, 40, 00, A1, 08, 20, 40, 00, FF, D0, 8D, 0E, 1B, C8, 81, F9, 00, 00, 04, 00, 72, 2F, 05, E8, 00, 00, 00, 6A, 50, 59, 3A, 08, 74, 03, 83, C0, 08, 38, 08, 74, 03, 83, C0, 10, 05, 84, 00, 00, 00, B6, 50, 38, 30, 72, 0E, B1, F0, 38, 08, 77, 08, 68, 00, 60, 40, 00, 5E, 76, AB, B9, 80, 00, 00, 00, 49, E2, FE, C3, A7, D7, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Code size:

3 KB (3,072 bytes)

Remove skype.dat - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.