skype_7.32.exe

Fotololed

Sivensys SRL

The executable skype_7.32.exe, "Fotololed Setup", has been detected as malware by 1 anti-virus scanner. The program is a setup application built with the Inno Setup installer. The file has been seen being downloaded from www.funcentralnew.com and multiple other hosts.
Publisher:
Sivensys SRL  (signed and verified)

Product:
Fotololed

Description:
Fotololed Setup

MD5:
6550549a3cf2a5c75eb282719129fb99

SHA-1:
3354eeddb628514c879b35c0798a49cdee110e7b

SHA-256:
c787ee682b331bf7259a004dd9e8f58eedf7d60e7766013610901eb5dbb23386

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/25/2024 7:47:17 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.2.8.12

File size:
1.2 MB (1,280,368 bytes)

Product version:
5.5

Copyright:
Internet

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\skype_7.32.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/20/2016 12:04:57 PM

Valid to:
10/21/2017 12:04:57 PM

Subject:
CN=Sivensys SRL, O=Sivensys SRL, L=IASI, C=RO

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
0D38E905F0B0BA5733036DFB

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...

Entropy:
7.9856

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file skype_7.32.exe has been seen being distributed by the following 12 URLs.

The executing file has been seen to make the following network communications in live environments.

Remove skype_7.32.exe - Powered by Reason Core Security