Sample details: 8d9deea723651a2bdc2c486b1b55ed20 (MD5)

Hashes (use the SHA256 as the canonical identifier when sharing or pivoting on this sample; MD5 and SHA1 are listed for cross-referencing with older feeds only, as both are collision-prone)
MD5: 8d9deea723651a2bdc2c486b1b55ed20
SHA1: a0a30a06d8671de67be9131ed250830432bd516b
SHA256: 616770f5406d34183dd3f340b300df8fdbb2d307aa9d87a3ada89777a39f4201
SSDEEP: 3072:YD4E/tT2qlEghghUpR4hBha6g9SHyYA2TsKub9v+iFw0+/nrKjAmCbho:YD4m3lEg62pihBha6+SHy72YK1if2f6
Details
File Type: PE32 (32-bit Windows executable; the embedded manifest declares processorArchitecture="X86" and the IsWindowsGUI rule matched, i.e. a GUI-subsystem binary. The IsBeyondImageSize hit suggests data appended beyond the PE image, an overlay worth carving and examining separately — confirm with a PE parser.)
Yara Hits
YRP/Microsoft_Visual_Basic_v50 | YRP/PureBasic_4x_Neil_Hodgson_additional | YRP/PureBasic_4x_Neil_Hodgson | YRP/PureBasic4xNeilHodgson | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/PureBasic | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/keylogger | YRP/win_files_operation | YRP/Big_Numbers1 | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/MD5_Constants |
Note: the YRP/* matches appear to be compiler/packer and constant-pattern signatures rather than behavioural detections. The PureBasic hits are corroborated by the PB_* runtime strings in the dump below (PB_DropAccept, PB_WindowID, PB_GadgetStack_%i), so the Microsoft_Visual_Basic_v50 hit is most likely a false positive. The screenshot and keylogger hits are probably import-based heuristics — GetKeyState, GetForegroundWindow, GetDIBits, BitBlt and CreateDIBSection all appear in the import list — and these APIs are also pulled in by ordinary GUI runtimes, so treat them as weak indicators to be confirmed by dynamic analysis, not as proof of capability.
Source
hxxp://www.microsoftskypefor[.]business/static/SkypeUpdate.exe
hxxp://www.microsoftskypefor[.]business/static/SkypeUpdate.exe
(URL defanged; the source record listed it twice. The domain impersonates "Microsoft Skype for Business" and the filename poses as an update — do not fetch directly; resolve and block as an indicator instead.)
Strings (printable sequences extracted from the sample; the short mixed-case entries are opcode/data residue rather than meaningful text, and imported API names show what the binary links against, not how it is used)
		!This program cannot be run in DOS mode.
`.text
`.rdata
@.data
\$LK;\$
SUWPj 
t8VWA:
L$4SVQ
L$4SVQ
L$4SVQ
L$4SVQ
L$4SVQ
L$4SVQ
L$4SVQ
L$4SVQ
T$4UVR
T$4UVR
L$4UWQ
L$4UWQ
L$4SVQ
L$4SVQ
T$4UVR
T$4UVR
L$4SVQ
L$4SVQ
L$4SVQ
L$4SVQ
]0_^[]
]0_^[]
1zlpt	
2zlpu&j
tfSVWP
>1zlbuQ
QQh0;A
taHtZHt5Huy
tPOt8Ot	j
~,Wh53
SUVWPQ
SUVWPQ
UVWSP3
ItJIt2
(VWj(3
!~(_^[
L$4QPW
QSVWhd
2147483648
SHGetPathFromIDList
SHBrowseForFolder
SHELL32.DLL
Stack overflow
Single step trap
Privileged instruction
Exception handler tried to continue after non-continuable exception
Exception handler returned unknown value
Integer overflow
Division by zero 
Memory page error
Illegal instruction
Floating-point underflow (exponent too small)
Floating-point stack overflow or underflow
Floating-point overflow (exponent to great)
Invalid floating-point operation
Inexact floating-point result
Division by zero (floating-point)
Denormal floating-point operand
Misaligned data access
Debugger breakpoint reached
Array bounds exceeded
Invalid memory access
Unknown error code
Static
Button
PB_DropAccept
PB_WindowID
WindowClass_%d
PB_Focus
PB_MDI_Gadget
SysIPAddress32
ComboBoxEx32
MDI_ChildClass
PB_Hotkey
IsAppThemed
uxtheme.dll
DllGetVersion
COMCTL32.DLL
AlphaBlend
msimg32.dll
?UUUUUU
?GetLongPathNameA
Kernel32.DLL
PB_PostEventMessage
PostEventClass
%d:%d:%d:%d
0123456789abcdef
Qkkbal
-InitOnceExecuteOnce
Kernel32.dll
PB_GadgetStack_%i
sysnative
memset
MSVCRT.dll
GetModuleHandleA
HeapCreate
GetCommandLineA
RemoveDirectoryA
GetTempFileNameA
GetShortPathNameA
GetWindowsDirectoryA
GetSystemDirectoryA
HeapDestroy
ExitProcess
GetExitCodeProcess
GetNativeSystemInfo
FindResourceA
LoadResource
SizeofResource
KERNEL32.dll
strncmp
memmove
strncpy
strstr
_strnicmp
_stricmp
strlen
strcmp
memcpy
sprintf
malloc
fclose
strcpy
tolower
HeapAlloc
HeapFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
InitializeCriticalSection
GetModuleFileNameA
GetEnvironmentVariableA
SetEnvironmentVariableA
CreateFileA
ReadFile
WriteFile
SetFilePointer
DeleteFileA
GetFileSize
HeapReAlloc
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
SetLastError
HeapSize
TlsAlloc
GetCurrentDirectoryA
SetCurrentDirectoryA
GetTempPathA
SetFileAttributesA
CreateDirectoryA
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
CharUpperA
CharLowerA
MessageBoxA
SendMessageA
PostMessageA
GetWindowThreadProcessId
IsWindowVisible
GetWindowLongA
GetForegroundWindow
IsWindowEnabled
EnableWindow
EnumWindows
SetWindowPos
DestroyWindow
GetWindowTextLengthA
GetWindowTextA
SetRect
DrawTextA
GetSystemMetrics
ReleaseDC
GetSysColor
GetSysColorBrush
CreateWindowExA
CallWindowProcA
SetWindowLongA
SetFocus
RedrawWindow
RemovePropA
DefWindowProcA
SetPropA
GetParent
GetPropA
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
LoadCursorA
RegisterClassA
AdjustWindowRectEx
ShowWindow
CreateAcceleratorTableA
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
GetActiveWindow
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetFocus
GetClientRect
FillRect
EnumChildWindows
DefFrameProcA
GetWindowRect
IsChild
GetClassNameA
GetKeyState
DestroyIcon
RegisterWindowMessageA
USER32.DLL
GetStockObject
SelectObject
SetBkColor
SetTextColor
GetTextExtentPoint32A
CreateSolidBrush
DeleteObject
GetObjectA
CreateCompatibleDC
GetDIBits
DeleteDC
GetObjectType
CreateDIBSection
BitBlt
CreateBitmap
SetPixel
GDI32.DLL
InitCommonControlsEx
COMCTL32.DLL
CoInitialize
CoTaskMemFree
RevokeDragDrop
OLE32.DLL
ShellExecuteExA
SHELL32.DLL
timeBeginPeriod
WINMM.DLL
PathQuoteSpacesA
PathGetArgsA
PathAddBackslashA
PathRenameExtensionA
PathUnquoteSpacesA
SHLWAPI.DLL
(f!Rtb
Z'H!E	-W2
+j.m/A
}66kL7=V
aS3`S;A
^PN@<k
sQ;`c3
6VgC3`
v: Vc<
%928cG
S)q.&*
IDATy?
2ICDZzp2
?IWDI9(N1
DLQ@F<f
t&q\|'U
I{B,RZ
Hn,T@!
`A	~i{
]Yy%2&]
K1lh;,
	dCClG
i@p0I`P
_eAJ9e
ufl' ,
ozQZ	hX
9O`*w4V
PY\9\?`
@r$r	UL
W5zJ0U
anq-nP
Y	03&c
pAS}"P
Be+_]_
ju9S&r
9tY0Jq
=GTWtQ^
J3CC#R1(i
*AP+UE
A75;J0
j9IJUI
vp\Q\jM
*4O5?(
	~:Y3d#&
 yh-O}
I ?_,`m0
Jo[)P8
^]|%5[ N@PP)!
7?[UQ4v
\TM$jt
sDFURi
e>3Jkt6Y
![8ys2
{Wc(.T|K
(rL>) 
 "wF|)
{e~P\D
E.@8Ns
z7.w0H
N5Ypg<(p
|Y-[5(
U6cMku&Jx#
99	W*\
UBuH^=
pw4(GxT[
(FBd}^]=ifg
Ji("BL
gW)Hg9
Z	mD_ D
;lbg Z
f`w4Bt6'x
rOvkqm
MUQO/S
R~:&p/q
nZh)kPe
\fa>G*
T= !K0
|z} )4
itKG3u
Dv08?wp
KSZ.RZ
@0p_8y
|9Oa.O&?h
kuhU[t
wj8[7{
ydF#g4
V!g/d H:&
zY){aJ'
b0a}b:
5<P?K'
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity
    version="1.0.0.0"
    processorArchitecture="X86"
    name="CompanyName.ProductName.YourApp"
    type="win32" />
  <description></description>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity
        type="win32"
        name="Microsoft.Windows.Common-Controls"
        version="6.0.0.0"
        processorArchitecture="X86"
        publicKeyToken="6595b64144ccf1df"
        language="*" />
    </dependentAssembly>
  </dependency>
</assembly>PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD