Last week, we received a sample that was spammed to a Skype user through a message containing a link. The user clicked on the URL and downloaded a file named sp.exe that was executed. This trojan, is not to be confused with the Chatosky malware which also propagates through skype chat messages.

I won't provide too much details on how I unpacked the sample because it uses a commercial product, but I feel comfortable talking about the copy pasted code.