Skype.exe
- File Path:
C:\Users\user\AppData\Local\Microsoft\WindowsApps\Skype.exe - Description: Skype (Window Title)
Screenshot
Hashes
Type | Hash
– | –
MD5 |
SHA1 |
SHA256 |
SHA384 |
SHA512 |
SSDEEP |
Runtime Data
Usage (stdout):
Child Processes:
Skype.exe Skype.exe Skype.exe Skype.exe
Window Title:
Skype
Open Handles:
| Path | Type |
|---|---|
| (R–) C:\Users\user\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalCache\Roaming\Microsoft\Skype for Store\lockfile | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\chrome_100_percent.pak | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\chrome_200_percent.pak | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\locales\en-US.pak | File |
| (R-D) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\resources.pak | File |
| (R-D) C:\Windows\System32\en-US\kernel32.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\mswsock.dll.mui | File |
| (R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui | File |
| (RW-) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype | File |
| (RW-) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\icudtl.dat | File |
| (RW-) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\resources\app.asar | File |
| (RW-) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\v8_context_snapshot.bin | File |
| (RW-) C:\Users\user\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalCache\Roaming\Microsoft\Skype for Store\Local Storage\leveldb\000003.log | File |
| (RW-) C:\Users\user\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalCache\Roaming\Microsoft\Skype for Store\Local Storage\leveldb\LOCK | File |
| (RW-) C:\Users\user\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalCache\Roaming\Microsoft\Skype for Store\Local Storage\leveldb\LOG | File |
| (RW-) C:\Users\user\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalCache\Roaming\Microsoft\Skype for Store\Local Storage\leveldb\MANIFEST-000001 | File |
| (RW-) C:\Windows | File |
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_e541a94fcce8ed6d | File |
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.22000.282_none_162e9dd7277998f6 | File |
| (RWD) C:\Users\user\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalCache\Roaming\Microsoft\Skype for Store\GPUCache\data_0 | File |
| (RWD) C:\Users\user\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalCache\Roaming\Microsoft\Skype for Store\GPUCache\data_1 | File |
| (RWD) C:\Users\user\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalCache\Roaming\Microsoft\Skype for Store\GPUCache\data_2 | File |
| (RWD) C:\Users\user\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalCache\Roaming\Microsoft\Skype for Store\GPUCache\data_3 | File |
| (RWD) C:\Users\user\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalCache\Roaming\Microsoft\Skype for Store\GPUCache\index | File |
| (RWD) C:\Users\user\AppData\Roaming\Microsoft\Spelling | File |
| (RWD) C:\Windows\Fonts\segoeui.ttf | File |
| (RWD) C:\Windows\System32\drivers\etc | File |
| \BaseNamedObjects__ComCatalogCache__ | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro | Section |
| \BaseNamedObjects\windows_shell_global_counters | Section |
| \Sessions\2\BaseNamedObjects\8a4HWNDInterface:120322 | Section |
| \Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \Sessions\2\BaseNamedObjects\node-debug-handler-2212 | Section |
| \Sessions\2\BaseNamedObjects\windows_shell_global_counters | Section |
| \Sessions\2\Windows\Theme1077709572 | Section |
| \Windows\Theme3461253685 | Section |
Loaded Modules:
| Path |
|---|
| C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe |
| C:\WINDOWS\SYSTEM32\ntdll.dll |
| C:\WINDOWS\System32\wow64.dll |
| C:\WINDOWS\System32\wow64base.dll |
| C:\WINDOWS\System32\wow64con.dll |
| C:\WINDOWS\System32\wow64cpu.dll |
| C:\WINDOWS\System32\wow64win.dll |
Signature
- Status: Signature verified.
- Serial:
33000003F16206E3E7EFDA8ABE0000000003F1 - Thumbprint:
5362FAEB842C236D05A729B7FAC85BAA1B68BDCA - Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename:
- Product Name:
- Company Name:
- File Version:
- Product Version:
- Language:
- Legal Copyright:
File Scan
- VirusTotal Detections: Unknown
File Similarity (ssdeep match)
Possible Misuse
The following table contains possible examples of Skype.exe being misused. While Skype.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | proc_creation_win_susp_squirrel_lolbin.yml | - Skype |
DRL 1.0 |
| malware-ioc | groundbait | === Prikormka *SKYPE* modules |
© ESET 2014-2018 |
| malware-ioc | interception | C:\ProgramData\Skype\Skype.exe |
© ESET 2014-2018 |
| signature-base | apt_lazarus_dec17.yar | $s3 = “Skype Technologies S.A.” fullword wide | CC BY-NC 4.0 |
MIT License. Copyright (c) 2020-2021 Strontic.