During our daily log analysis, we recently encountered a sample purporting to power up Skype with different emoticons. The binary, when installed, integrated itself with Skype and sent the following message to contacts without further intervention.
The binary in question (SkypEmoticons.exe) can be downloaded from hxxp://skypemoticons.com/.
Home page of hxxp://skypemoticons.com/
After installation, it dropped the following executable files:
Most of the dropped files are adware, which may lead to malicious activity.
Contacted sites from which dropped files were downloaded:
We also observed User-Agent: TixDll being used for downloading the files, which provided a handy mechanism to do some data mining and identify other domains associated with the adware. The following malicious domains were observed to be contacted via this User-Agent:
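The User-Agent pivot described above can be reproduced over proxy logs with a short script. This is an added example, not code from the original post: the log format (timestamp, client, method, URL, status, quoted User-Agent), the function name `hunt_user_agent`, and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log (assumed format:
# timestamp client method url status "user-agent"); not data from the post.
SAMPLE_LOG = """\
2013-05-02T10:01:11Z 10.0.0.5 GET http://cdn.example.net/setup/a.exe 200 "TixDll"
2013-05-02T10:01:15Z 10.0.0.5 GET http://files.example.org/b.exe 200 "TixDll"
2013-05-02T10:02:40Z 10.0.0.9 GET http://www.example.com/index.html 200 "Mozilla/5.0 (Windows NT 6.1)"
2013-05-02T10:03:02Z 10.0.0.7 GET http://CDN.example.net:80/setup/c.exe 200 "tixdll"
2013-05-02T10:03:30Z 10.0.0.9 GET http://files.example.org/readme.txt 404 "Mozilla/5.0 TixDllHelper"
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

def hunt_user_agent(log_text, user_agent="TixDll"):
    """Return {host: {"hits", "clients", "paths"}} for requests sent with user_agent."""
    wanted = user_agent.casefold()
    hosts = defaultdict(lambda: {"hits": 0, "clients": set(), "paths": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        # Exact, case-insensitive match on the whole header value, so agents
        # that merely contain the string are not swept in (a design choice).
        if m["ua"].strip().casefold() != wanted:
            continue
        parts = urlsplit(m["url"])
        host = parts.hostname  # lower-cased, port stripped
        if not host:
            continue
        entry = hosts[host]
        entry["hits"] += 1
        entry["clients"].add(m["client"])  # internal hosts to triage
        entry["paths"].add(parts.path)     # what was fetched
    return dict(hosts)

if __name__ == "__main__":
    for host, info in sorted(hunt_user_agent(SAMPLE_LOG).items()):
        print(host, info["hits"], sorted(info["clients"]), sorted(info["paths"]))
```

The per-host client set shows which internal machines need triage, and the host list is the candidate set to review for blocking.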