Skype.exe

  • File Path: C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
  • Description: Skype

Screenshot

Skype.exe

Hashes

Type Hash
MD5 90DC568AE6FE97F3B08DFC834C393271
SHA1 113AC7A0567C957193D5B3FCFCCA18476A2050D4
SHA256 D0AE015034960B3834B08321A5279988CC6F054B31DD90D5D8C093FC08A92657
SHA384 A2CB76BC718CB31569B0B291022CDEB2661F654617431BFF0C2531571AE29D877D8198DE44A561A0A4581AA18F08C636
SHA512 EF3D224CC75DC108905601ED5A002D08871B2840F247AD31215253DF09EC721E57ACDFEDDD96504796A481F0A68120F3ABEFA4B98E773B570B20AFA6F44ECEAE
SSDEEP 1572864:l3qzajVgEVOyttMvKmSD9UCoSy+4YeXGM4gfMBNKX4Uc+3Dtjs6NB6/RIwXboyz/:BqzaCEw4V6WPZvgGhr
IMP 0E99B4FD552B09DFF212E905C6B1F5EF
PESHA1 9E69262F8462FBE2974A76486667CA0C153A959F
PE256 0C196347D69AF700ECF595C951BBE24E1F35E6EE6F0DCF69EEBAC0758607DFFF

Runtime Data

Usage (stdout):



Usage (stderr):

Error occurred in handler for 'keychain:get-password': Error: No stored credentials fetched from keytar.
    at C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar\main.js:2:638309
    at async electron/js2c/browser_init.js:205:563
Error occurred in handler for 'keychain:get-password': Error: No stored credentials fetched from keytar.
    at C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar\main.js:2:638309
    at async electron/js2c/browser_init.js:205:563
Error occurred in handler for 'keychain:get-password': Error: No stored credentials fetched from keytar.
    at C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar\main.js:2:638309
    at async electron/js2c/browser_init.js:205:563

Child Processes:

Skype.exe Skype.exe Skype.exe Skype.exe

Window Title:

Skype

Open Handles:

Path Type
(R–) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\lockfile File
(R-D) C:\Program Files (x86)\Microsoft\Skype for Desktop\chrome_100_percent.pak File
(R-D) C:\Program Files (x86)\Microsoft\Skype for Desktop\chrome_200_percent.pak File
(R-D) C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\en-US.pak File
(R-D) C:\Program Files (x86)\Microsoft\Skype for Desktop\resources.pak File
(R-D) C:\Windows\System32\en-US\kernel32.dll.mui File
(R-D) C:\Windows\System32\en-US\KernelBase.dll.mui File
(R-D) C:\Windows\System32\en-US\mswsock.dll.mui File
(R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui File
(RW-) C:\Program Files (x86)\Microsoft\Skype for Desktop File
(RW-) C:\Program Files (x86)\Microsoft\Skype for Desktop\icudtl.dat File
(RW-) C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar File
(RW-) C:\Program Files (x86)\Microsoft\Skype for Desktop\v8_context_snapshot.bin File
(RW-) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000003.log File
(RW-) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOCK File
(RW-) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG File
(RW-) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\MANIFEST-000001 File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984 File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1320_none_d94e4effe1070d4b File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\data_0 File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\data_1 File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\data_2 File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\data_3 File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\index File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Spelling File
(RWD) C:\Windows\Fonts\segoeui.ttf File
(RWD) C:\Windows\System32\drivers\etc File
\BaseNamedObjects__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\BaseNamedObjects\f34HWNDInterface:1e0a96 Section
\Sessions\1\BaseNamedObjects\node-debug-handler-3892 Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\Windows\Theme449731986 Section
\Windows\Theme1396518710 Section

Loaded Modules:

Path
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002198C0A9FB2162B10E6000000000219
  • Thumbprint: 659500EB3E9497BDBE7DB7FF0801B5F46FBDE760
  • Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Skype Software Sarl, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Skype.exe
  • Product Name: Skype
  • Company Name: Skype Technologies S.A.
  • File Version: 8.78.0.159
  • Product Version: 8.78
  • Language: English (United States)
  • Legal Copyright: (c) 2021 Skype and/or Microsoft
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/72
  • VirusTotal Link: https://www.virustotal.com/gui/file/d0ae015034960b3834b08321a5279988cc6f054b31dd90d5d8c093fc08a92657/detection

Possible Misuse

The following table contains possible examples of Skype.exe being misused. While Skype.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma win_susp_squirrel_lolbin.yml - Skype DRL 1.0
malware-ioc groundbait === Prikormka *SKYPE* modules © ESET 2014-2018
malware-ioc interception C:\ProgramData\Skype\Skype.exe © ESET 2014-2018
signature-base apt_lazarus_dec17.yar $s3 = “Skype Technologies S.A.” fullword wide CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.