skype.exe

Contumar Empresarial s.l.

This belongs to a Solimba product that may be bundled with additional PUPs or may be part of an ad-supported software program. The application skype.exe by Contumar Empresarial s.l has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from get.importantbestfiles.com.
Publisher:
Contumar Empresarial s.l.  (signed and verified)

MD5:
30a785f60be9ed43729a138a675b40de

SHA-1:
e0658a7f1c993a7640b30da67d516013c519d405

SHA-256:
ee7fdd26206dd0a54eb839bb605ba3cfb06d4593d27387a57c83c9a76f1bfc2f

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 12:18:17 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.190520
5773570

Agnitum Outpost
PUA.Downloader
7.1.1

Avira AntiVirus
TR/Drop.Addrop.fddtf
8.3.1.6

Arcabit
Trojan.Adware.Graftor.D2E838
1.0.0.425

AVG
Generic
2016.0.3077

Bitdefender
Gen:Variant.Adware.Graftor.190520
1.0.20.835

Clam AntiVirus
Win.Adware.Graftor-947
0.98/20568

Dr.Web
Adware.Downware.11521
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.190520
10.0.0.5366

ESET NOD32
Win32/TrojanDropper.Addrop.J trojan
7.0.302.0

F-Prot
W32/S-b96a44a4
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Graftor
5.14.151

G Data
Gen:Variant.Adware.Graftor.190520
15.6.25

IKARUS anti.virus
AdWare.Downware
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.205.16253

Kaspersky
not-a-virus:RiskTool.Win32.ADInstaller
15.0.0.543

Malwarebytes
PUP.Optional.Solimba
v2015.06.16.09

MicroWorld eScan
Gen:Variant.Adware.Graftor.190520
16.0.0.501

NANO AntiVirus
Riskware.Win32.Downware.dsnqhl
0.30.24.2086

Norman
Gen:Variant.Adware.Graftor.190520
02.06.2015 14:23:46

Panda Antivirus
Trj/Genetic.gen
15.06.16.09

Reason Heuristics
PUP.ContumarEmpresarial
15.6.16.9

Sophos
PUA 'Solimba Installer'
5.15

VIPRE Antivirus
Threat.4150696
40830

Zillya! Antivirus
Dropper.Addrop.Win32.276
2.0.0.2226

File size:
655.1 KB (670,816 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\skype.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/2/2015 9:00:38 PM

Valid to:
9/24/2016 10:00:25 PM

Subject:
CN=Contumar Empresarial s.l., O=Contumar Empresarial s.l., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112119FE6AFB4FA7129F4F594CD3E07D5B21

File PE Metadata
Compilation timestamp:
5/28/2015 7:37:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:C1heIHTECcwLbmMkSxB2Filn+rKibmeeJC5LOFKGE3KoHKWfw0d7x1+ZR9XzL:4eIfz3ajKZeeJrmKoHu+l0H9XzL

Entry address:
0x10FEC

Entry point:
E8, 7E, 96, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, CB, 42, 00, E8, BE, 57, 00, 00, E8, 2C, 1D, 00, 00, 0F, B7, F0, 6A, 02, E8, 11, 96, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, BD, 4D, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
7.4721

Code size:
139 KB (142,336 bytes)

The file skype.exe has been seen being distributed by the following URL.

Remove skype.exe - Powered by Reason Core Security