skype.exe.exe

Start Playing

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application skype.exe.exe by Start Playing has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. It is part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge, should they read the EULA) that runs in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
Start Playing  (signed and verified)

MD5:
07bd924320e9c2ca7ab97a04be22435f

SHA-1:
832f2eb9c7bd505ca6f35680a54776c28c0afc1d

SHA-256:
283280fce52c19bfc567f89ac389bf8a58667af2b2f63e3fd2d9292e452e735a

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 6:11:55 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | W32S.Adware.RelevantKnowledge | 2.1.4+ |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.03.07 |
| avast! | OutBrowse-BZ [PUP] | 2014.9-150320 |
| AVG | OutBrowse | 2016.0.3165 |
| Dr.Web | Trojan.OutBrowse.58 | 9.0.1.079 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted application | 9.7.0.302.0 |
| Fortinet FortiGate | Adware/OutBrowse | 3/20/2015 |
| F-Prot | W32/OutBrowse.O (exact, not disinfectable) | 4.6.5.141 |
| F-Secure | Gen:Variant.Buzy.298 | 11.2015-25-06_5 |
| G Data | NSIS.Application.OutBrowse.AC | 15.3.25 |
| herdProtect (fuzzy) | | 2015.6.25.22 |
| K7 AntiVirus | Unwanted-Program | 13.202.15320 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.03.20.02 |
| McAfee | Adware-OutBrowse.e | 5600.6821 |
| NANO AntiVirus | Trojan.Win32.Generic.dorbni | 0.30.8.659 |
| Reason Heuristics | PUP.Bundler.Outbrowse | 15.3.20.2 |
| Sophos | OutBrowse Revenyou | 4.98 |
| Trend Micro House Call | TROJ_GE.4975FADD | 7.2.79 |
| Vba32 AntiVirus | AdWare.OutBrowse | 3.12.26.3 |
| VIPRE Antivirus | Threat.4823950 | 38552 |

File size:
610.4 KB (625,048 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\skype.exe.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
1/14/2015 1:43:40 AM

Valid to:
10/22/2015 6:57:40 AM

Subject:
CN=Start Playing, O=Start Playing, L=Dublin, C=IE

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112148ECE298BAB6D0ECDE90587F415A4159

File PE Metadata
Compilation timestamp:
12/5/2009 3:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:75aICPG8KZB7nEvPePqduw2OcQ5BeQu20UMgbXDd+4NLN6JBvB5lGXv1:75aICPLKP7nEv2w2OT5BzvXMT4NLN6Je

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9474

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file skype.exe.exe has been seen being distributed by the following URL.
