Skype.exe

  • File Path: C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
  • Description: Skype

Screenshot

Skype.exe

Hashes

Type Hash
MD5 C1927E2FD6EC7811302E14CB4134DE16
SHA1 6004B059B54986C5813F710E4CF1F1918B542E19
SHA256 4F7DB4E99C838449C8261DD195CD2BF3A2CFDB6B873203B1917CF86F22CE6298
SHA384 FA4A078973B9F6BF3CA30E07B36372EE4B641BE211EB30E206A52FFF148C2E5B231DAFC3347F9CEE296277090585A7BB
SHA512 7FB2A2AED3B0468C34009B8A6C53D3F54B1028154824FDE301D762ADA567A895A6CA5EB49CEBB74BFCF936523B00987128C131E031B6095283BAC72CCC6FF622
SSDEEP 1572864:AJj7ZJYWA88E+Ha1guID9HuzbBppd5mRR8+5kLZ4YJMw1P3/c3AgzfDOeSK1PMdl:G9JYrqngn06RsYbTHtGl
IMP E13561C103EB9E10FB09FB925129FAC9
PESHA1 D814E0E50496445BEBAA07CF0093CD394B2EC4F0
PE256 18329BDC701F354FAE92161C5B7BD059D54C4B48B602B61EC8EEF7157C081434

Runtime Data

Usage (stdout):


(electron) The default value of app.allowRendererProcessReuse is deprecated, it is currently "false".  It will change to be "true" in Electron 9.  For more information please check https://github.com/electron/electron/issues/18397

Child Processes:

Skype.exe Skype.exe Skype.exe Skype.exe

Window Title:

Skype

Open Handles:

Path Type
(R–) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\lockfile File
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\mswsock.dll.mui File
(R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui File
(RW-) C:\Program Files (x86)\Microsoft\Skype for Desktop File
(RW-) C:\Program Files (x86)\Microsoft\Skype for Desktop\chrome_100_percent.pak File
(RW-) C:\Program Files (x86)\Microsoft\Skype for Desktop\chrome_200_percent.pak File
(RW-) C:\Program Files (x86)\Microsoft\Skype for Desktop\icudtl.dat File
(RW-) C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\en-US.pak File
(RW-) C:\Program Files (x86)\Microsoft\Skype for Desktop\resources.pak File
(RW-) C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar File
(RW-) C:\Program Files (x86)\Microsoft\Skype for Desktop\v8_context_snapshot.bin File
(RW-) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000003.log File
(RW-) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOCK File
(RW-) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG File
(RW-) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\MANIFEST-000001 File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627 File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.508_none_429cdbca8a8ffa94 File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\data_0 File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\data_1 File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\data_2 File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\data_3 File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\index File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Spelling File
(RWD) C:\Windows\Fonts\segoeui.ttf File
(RWD) C:\Windows\System32\drivers\etc File
\BaseNamedObjects__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000003.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\BaseNamedObjects\1734HWNDInterface:1f0083c Section
\Sessions\1\BaseNamedObjects\1734HWNDInterface:2ff08fa Section
\Sessions\1\BaseNamedObjects\node-debug-handler-5940 Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\Windows\Theme2547664911 Section
\Windows\Theme3854699184 Section

Loaded Modules:

Path
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 330000017BB47778D9105DF03500000000017B
  • Thumbprint: BEEAE4260DF5E82B6339FC4E31EF525A26A17AD0
  • Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Skype Software Sarl, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Skype.exe
  • Product Name: Skype
  • Company Name: Skype Technologies S.A.
  • File Version: 8.64.0.88
  • Product Version: 8.64
  • Language: English (United States)
  • Legal Copyright: (c) 2020 Skype and/or Microsoft
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/67
  • VirusTotal Link: https://www.virustotal.com/gui/file/4f7db4e99c838449c8261dd195cd2bf3a2cfdb6b873203b1917cf86f22ce6298/detection/

Possible Misuse

The following table contains possible examples of Skype.exe being misused. While Skype.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_squirrel_lolbin.yml - Skype DRL 1.0
malware-ioc groundbait === Prikormka *SKYPE* modules © ESET 2014-2018
malware-ioc interception C:\ProgramData\Skype\Skype.exe © ESET 2014-2018
signature-base apt_lazarus_dec17.yar $s3 = “Skype Technologies S.A.” fullword wide CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.