SkypeUpdade2.exe

Although the file properties name 'Microsoft Corporation' as the developer, this is not the case; the file is designed to look like a legitimate Microsoft system file. The executable SkypeUpdade2.exe has been detected as malware by 25 anti-virus scanners. The file has been observed being downloaded from wotkl.ru.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft Corporation

Version:
30.401.0116

MD5:
6fdfed9fbe3608c52d7d77ce74f545ca

SHA-1:
711317ef6bbf970577373af360e9f32e049d5905

SHA-256:
bce64d14d0e9f2ec24ff5ce7ecc1fda1cb198e1250178c963cd8d52cc6563cc5

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
4/25/2024 10:15:07 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/VB.Downloader.Gen | 7.11.98.64 |
| avast! | Win32:Malware-gen | 2014.9-131126 |
| AVG | Dropper.Generic8 | 2014.0.3643 |
| Bitdefender | Gen:Trojan.Heur.bmKfrXWXOojOy | 1.0.20.1175 |
| Comodo Security | TrojWare.Win32.Downloader.Agent.tnil | 16829 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur.bmKfrXWXOojOy | 8.13.08.23.06 |
| ESET NOD32 | Win32/TrojanDownloader.Banload.PMY (variant) | 7.8731 |
| Fortinet FortiGate | W32/Vb.XDK!tr.dldr | 8/23/2013 |
| F-Secure | Gen:Trojan.Heur.bmKfrXWXOojOy | 11.2013-26-11_3 |
| G Data | Gen:Trojan.Heur.bmKfrXWXOojOy | 13.8.22 |
| IKARUS anti.virus | Trojan-Dropper.Agent | t3scan.2.0.127 |
| K7 AntiVirus | Trojan | 13.170.9394 |
| Kaspersky | Trojan-Dropper.Win32.Sysn | 14.0.0.3766 |
| Malwarebytes | Trojan.FakeMS | v2013.08.23.06 |
| McAfee | Artemis!6FDFED9FBE36 | 5600.7271 |
| Microsoft Security Essentials | Trojan:Win32/Sisron | 1.163.1557.0 |
| MicroWorld eScan | Gen:Trojan.Heur.bmKfrXWXOojOy | 14.0.0.705 |
| NANO AntiVirus | Virus.Win32.VB.bceyhq | 0.26.0.54268 |
| Norman | Troj_Generic.OMJJB | 11.20131126 |
| Panda Antivirus | Generic Malware | 13.11.26.01 |
| Reason Heuristics | Unnamed.Threat.77 | 14.3.1.0 |
| Sophos | Mal/VB-A | 4.91 |
| Trend Micro House Call | TROJ_GEN.R047H08HN13 | 7.2.330 |
| Trend Micro | TROJ_GEN.R0CBC0RHQ13 | 10.465.26 |
| VIPRE Antivirus | Trojan.Win32.Generic!SB.0 | 20906 |

File size:
22 KB (22,528 bytes)

Product version:
30.401.0116

Copyright:
Microsoft Corporation

Trademarks:
Microsoft Corporation

Original file name:
SkypeUpdade2.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\skypeupdade2.exe

File PE Metadata
Compilation timestamp:
8/23/2013 7:00:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
384:1zKXRnxeqhXOdN5Ju45ClDOElxToqXPA4nVNfbjuKmuQLWA5DKpWSis:RKBxeqhXqNu455qXoMvbjkPtc

Entry address:
0xE490

Entry point:
60, BE, 00, A0, 40, 00, 8D, BE, 00, 70, FF, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 

Entropy:
7.3385

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
20 KB (20,480 bytes)

The file SkypeUpdade2.exe has been seen being distributed by the following URL.
