Skype.exe

File Path: C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Description: Skype

Screenshot

Skype.exe

Hashes

Type	Hash
MD5	`90DC568AE6FE97F3B08DFC834C393271`
SHA1	`113AC7A0567C957193D5B3FCFCCA18476A2050D4`
SHA256	`D0AE015034960B3834B08321A5279988CC6F054B31DD90D5D8C093FC08A92657`
SHA384	`A2CB76BC718CB31569B0B291022CDEB2661F654617431BFF0C2531571AE29D877D8198DE44A561A0A4581AA18F08C636`
SHA512	`EF3D224CC75DC108905601ED5A002D08871B2840F247AD31215253DF09EC721E57ACDFEDDD96504796A481F0A68120F3ABEFA4B98E773B570B20AFA6F44ECEAE`
SSDEEP	`1572864:l3qzajVgEVOyttMvKmSD9UCoSy+4YeXGM4gfMBNKX4Uc+3Dtjs6NB6/RIwXboyz/:BqzaCEw4V6WPZvgGhr`
IMP	`0E99B4FD552B09DFF212E905C6B1F5EF`
PESHA1	`9E69262F8462FBE2974A76486667CA0C153A959F`
PE256	`0C196347D69AF700ECF595C951BBE24E1F35E6EE6F0DCF69EEBAC0758607DFFF`

Runtime Data

Usage (stdout):

Usage (stderr):

Error occurred in handler for 'keychain:get-password': Error: No stored credentials fetched from keytar.
    at C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar\main.js:2:638309
    at async electron/js2c/browser_init.js:205:563
Error occurred in handler for 'keychain:get-password': Error: No stored credentials fetched from keytar.
    at C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar\main.js:2:638309
    at async electron/js2c/browser_init.js:205:563
Error occurred in handler for 'keychain:get-password': Error: No stored credentials fetched from keytar.
    at C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar\main.js:2:638309
    at async electron/js2c/browser_init.js:205:563

Child Processes:

Skype.exe Skype.exe Skype.exe Skype.exe

Window Title:

Skype

Open Handles:

Path	Type
(R–) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\lockfile	File
(R-D) C:\Program Files (x86)\Microsoft\Skype for Desktop\chrome_100_percent.pak	File
(R-D) C:\Program Files (x86)\Microsoft\Skype for Desktop\chrome_200_percent.pak	File
(R-D) C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\en-US.pak	File
(R-D) C:\Program Files (x86)\Microsoft\Skype for Desktop\resources.pak	File
(R-D) C:\Windows\System32\en-US\kernel32.dll.mui	File
(R-D) C:\Windows\System32\en-US\KernelBase.dll.mui	File
(R-D) C:\Windows\System32\en-US\mswsock.dll.mui	File
(R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui	File
(RW-) C:\Program Files (x86)\Microsoft\Skype for Desktop	File
(RW-) C:\Program Files (x86)\Microsoft\Skype for Desktop\icudtl.dat	File
(RW-) C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar	File
(RW-) C:\Program Files (x86)\Microsoft\Skype for Desktop\v8_context_snapshot.bin	File
(RW-) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000003.log	File
(RW-) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOCK	File
(RW-) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG	File
(RW-) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\MANIFEST-000001	File
(RW-) C:\Windows	File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984	File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1320_none_d94e4effe1070d4b	File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\data_0	File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\data_1	File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\data_2	File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\data_3	File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\index	File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Spelling	File
(RWD) C:\Windows\Fonts\segoeui.ttf	File
(RWD) C:\Windows\System32\drivers\etc	File
\BaseNamedObjects__ComCatalogCache__	Section
\BaseNamedObjects\C:ProgramDataMicrosoftWindowsCaches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db	Section
\BaseNamedObjects\C:ProgramDataMicrosoftWindowsCaches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db	Section
\BaseNamedObjects\C:ProgramDataMicrosoftWindowsCaches*cversions.2	Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0	Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0	Section
\BaseNamedObjects\windows_shell_global_counters	Section
\Sessions\1\BaseNamedObjects\f34HWNDInterface:1e0a96	Section
\Sessions\1\BaseNamedObjects\node-debug-handler-3892	Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters	Section
\Sessions\1\Windows\Theme449731986	Section
\Windows\Theme1396518710	Section

Loaded Modules:

Path
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

Status: Signature verified.
Serial: 33000002198C0A9FB2162B10E6000000000219
Thumbprint: 659500EB3E9497BDBE7DB7FF0801B5F46FBDE760
Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Skype Software Sarl, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename: Skype.exe
Product Name: Skype
Company Name: Skype Technologies S.A.
File Version: 8.78.0.159
Product Version: 8.78
Language: English (United States)
Machine Type: 32-bit

File Scan

VirusTotal Detections: 0/72
VirusTotal Link: https://www.virustotal.com/gui/file/d0ae015034960b3834b08321a5279988cc6f054b31dd90d5d8c093fc08a92657/detection

Possible Misuse

The following table contains possible examples of Skype.exe being misused. While Skype.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
sigma	proc_creation_win_susp_squirrel_lolbin.yml	`- Skype`	DRL 1.0
malware-ioc	groundbait	`=== Prikormka SKYPE modules`	© ESET 2014-2018
malware-ioc	interception	`C:\ProgramData\Skype\Skype.exe`	© ESET 2014-2018
signature-base	apt_lazarus_dec17.yar	$s3 = “Skype Technologies S.A.” fullword wide	CC BY-NC 4.0