skypec2cautoupdatesvc.exe

Skype Click to Call

Microsoft Corporation

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case; it is designed just to look like a legitimate Microsoft system file. The executable skypec2cautoupdatesvc.exe (“Updates Skype Click to Call”) has been detected as malware by 10 anti-virus scanners. It runs as a separate Windows service (within the context of its own process) named “Skype Click to Call Updater”.

Publisher:
Microsoft Corporation  (signed and verified)

Product:
Skype Click to Call

Description:
Updates Skype Click to Call

Version:
7.2.15747.10003

MD5:
bfa98c1c3173d0664566dbf059e82b26

SHA-1:
386f886f94867e4007c20087f57927bf30e0d6ac

SHA-256:
8976b6b0354665e88355992701e296f6b2dd38e9f9595f79fa9fa743e2f65440

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/20/2024 2:18:26 AM UTC

Scan engine                    Detection             Engine version
avast!                         Win32:Pioneer-C       160414-2
AVG                            Win32/Floxif          2015.0.4604
Dr.Web                         Win32.FloodFix.7      9.0.1.05190
Emsisoft Anti-Malware          Win32.Floxif          11.5.0.6191
ESET NOD32                     Win32/Floxif.H virus  7.0.302.0
F-Prot                         W32/Floxif.B          4.6.5.141
F-Secure                       Win32.Floxif.A        5.15.96
Kaspersky                      Virus.Win32.Pioneer   15.0.0.562
Microsoft Security Essentials  Threat.Undefined      1.225.531.0
Norman                         Win32.Floxif.A        28.05.2016 15:32:18

File size:
1.4 MB (1,468,999 bytes)

Product version:
7.2.15747.10003

Copyright:
(c) Microsoft Corporation. All rights reserved.

Original file name:
AutoUpdateSvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
3/13/2013 8:31:10 PM

Valid to:
6/13/2014 8:31:10 PM

Subject:
CN=Skype Software Sarl, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000BAC6104032D6DD18900001000000BA

File PE Metadata
Compilation timestamp:
4/11/2014 11:36:37 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
24576:ppnWfI2vlpMflJ7fs3nNwSJHceiU32tB2SmMhljC1VnorEH7f:opM37f2pS1hljC19n

Entry address:
0x6B2BC

Entry point:
E9, 08, 4B, 04, 00, E9, 35, FE, FF, FF, 55, 8B, EC, A1, 98, 6E, 53, 00, 85, C0, 75, 1D, E8, 37, E9, 00, 00, 6A, 1E, E8, 8D, E9, 00, 00, 68, FF, 00, 00, 00, E8, 82, EE, 00, 00, A1, 98, 6E, 53, 00, 59, 59, 8B, 4D, 08, 85, C9, 75, 01, 41, 51, 6A, 00, 50, FF, 15, A0, D1, 4F, 00, 5D, C3, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 77, 6F, 53, 57, A1, 98, 6E, 53, 00, 85, C0, 75, 1D, E8, EF, E8, 00, 00, 6A, 1E, E8, 45, E9, 00, 00, 68, FF, 00, 00, 00, E8, 3A, EE, 00, 00, A1, 98, 6E, 53, 00, 59, 59, 85, F6, 74, 04, 8B...
 

Entropy:
6.4770

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1008 KB (1,032,192 bytes)

Service
Display name:
Skype Click to Call Updater

Service name:
c2cautoupdatesvc

Description:
Downloads and installs product updates.

Type:
Win32OwnProcess

Depends on:
RpcSs

