Insights and Research

Beware Of Skype Adware

During our daily log analysis, we recently encountered a sample purporting to power up Skype with different emoticons. The binary, when installed, integrated itself with Skype and sent the following message contacts without further intervention.
 
The binary in question (SkypEmoticons.exe) can be downloaded from hxxp://skypemoticons.com/.
 
Home page of hxxp://skypemoticons.com/ 
 
After installation it dropped following executable files:
 
 
Most of the dropped files are Adware which may lead to some malicious activities.
Here is the VT report for SkypeEmotions.exe.
 
 
VT reports of the various dropped samples:
 
MD5VT Hits
aa9af86b02f4e497eb0284872b50af4121/54
e96f6d6257bdcb54c297569d42219e9722/54
1d283dd3ae2312eee624e8b8c46f6adb45/51
666ab79b63833a2a2502c119f0843b4a22/54
364207a743ff39207667a0c89ff3876820/53
02861acc8be1b59be2db226947a384b25/54
23912df27a61ea0463c5509ba6a9757938/52
cee68ad38668785cd39e37ca069f8b8519/54
b4eb856acc30b0005a44b87566850fb33/54
2830932fca42074f17c46c56b4942ac223/54
 
Contacted sites from which dropped files were downloaded:
  • hxxp://homebestmy.info
  • hxxp://superstoragemy.com
  • hxxp://setepicnew.info
  • hxxp://198.7.61.118
  • hxxp://54.187.76.32
  • hxxp://54.213.103.160
We also observed User-Agent: TixDll being used for downloading the files, which provided a handy mechanism to do some data mining and identify other domains associated with the adware. The following malicious domains were observed to be contacted via this User-Agent:

hxxp://getapplicationmy.info         
hxxp://applicationgrabb.com             
hxxp://appmegga.info                              
hxxp://downlloaddatamy.info           
 
Other domains identified in our logs contacted by this User-Agent are not currently showing any malicious activity, but may deliver some malicious content in the future:
 
hxxp://appussajob.info
hxxp://dirgreatbestepicl.info
hxxp://embededstub.de.drive-files-b.com
hxxp://embededstub.download.dmccint.com
hxxp://fra-7m17-stor06.uploaded.net
hxxp://getdirfrfee.info
hxxp://getgoolld.info
hxxp://getinstaal.info
hxxp://getmeegan.info
hxxp://homebestmy.info
hxxp://setepicnew.info
hxxp://softservers.net
hxxp://superstoragemy.com
hxxp://xml.dljs.org
 
Use caution when installing any add-on program, especially one that is able to control a powerful communication tool such as Skype.  
 

Stay up to date with the latest digital transformation tips and news.

By clicking the submit button, you are agreeing to our privacy policy.