s2setup.exe

Skymonk Solutions Limited

The application s2setup.exe by Skymonk Solutions Limited has been detected as adware by 3 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from update.skymonk.net.
Publisher:
Skymonk Solutions Limited  (signed and verified)

MD5:
021bbbbda8333c2d018c3dca2eb69d07

SHA-1:
bb864763bd0b0168d065159df2da0399cda12ab5

SHA-256:
ac6caf3f79a3576d02cd79dfc017ce6f5f425797cf4d3e1e28f32078d69a9472

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/27/2024 6:43:49 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Tool.Skymonk.14
9.0.1.0359

Reason Heuristics
PUP.Installer.SkymonkSolutionsLimited.H
14.5.19.1

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF
23.00.65.131223

File size:
1.2 MB (1,245,520 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\s2setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/9/2012 3:00:00 AM

Valid to:
4/10/2015 2:59:59 AM

Subject:
CN=Skymonk Solutions Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Skymonk Solutions Limited, L=Tortola, S=Tortola, C=VG

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
632A5F301191DF03C4933D982BAD525F

File PE Metadata
Compilation timestamp:
2/24/2012 9:22:01 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:mDSnb1l21D6iq6v/86t1Y8dQOBEmGdW2a0nDG320bgqYryjmn:F1MhDvkG1VdQzmwW2a0irbTQWmn

Entry address:
0x36DA

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 1C, C7, 44, 24, 10, C0, 8A, 40, 00, 89, 5C, 24, 18, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, AC, 80, 40, 00, 53, FF, 15, A4, 82, 40, 00, 6A, 08, A3, 18, 36, 45, 00, E8, FD, 28, 00, 00, 53, 68, 60, 01, 00, 00, A3, 28, 35, 45, 00, 8D, 44, 24, 3C, 50, 53, 68, BF, 8A, 40, 00, FF, 15, 70, 81, 40, 00, 68, B4, 8A, 40, 00, 68, 20, F5, 44, 00, E8, 27, 26, 00, 00, FF, 15, A8, 80, 40, 00, 50, BF, 50, C0, 47, 00, 57, E8, 15, 26...
 
[+]

Code size:
28 KB (28,672 bytes)

The file s2setup.exe has been seen being distributed by the following URL.

Remove s2setup.exe - Powered by Reason Core Security