skypemoticons.exe

ClearAsky Installer

This file uses the InstalleRex download manager, which bundles a number of adware plugins and browser extensions, and is distributed via TusFiles. The application skypemoticons.exe, “Installer for ClearAsky Installer”, has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the Tarma Installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup program uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software, including toolbars and browser extensions, through a pay-per-install monetization scheme.
Publisher:
ClearAsky Installer

Product:
ClearAsky Installer

Description:
Installer for ClearAsky Installer

Version:
2014.7.12.1336

MD5:
8da299dceda19c932a57af34cdc26be7

SHA-1:
134b64666d41f26f7505d335f5682f76de8354d2

SHA-256:
0726c75a5de87957ecf5da5995c9167758b19df943a13a2ad5a1071058ddc197

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Uses InstalleRex from WebPick Internet Holdings to install bundled add-ons, including toolbars and other web browser extensions.

Analysis date:
12/25/2024 6:33:22 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.324119 | 924
Agnitum Outpost | Trojan.AntiFW | 7.1.1
AhnLab V3 Security | PUP/Win32.TSULoader | 2014.07.26
Avira AntiVirus | Adware/InstallRex.A.3 | 7.11.163.248
Bitdefender | Gen:Variant.Kazy.324119 | 1.0.20.1030
Bkav FE | W32.FamVT.AntiFWK.Trojan | 1.3.0.4959
Comodo Security | Application.Win32.InstalleRex.KG | 18969
Dr.Web | Threat.Undefined | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Kazy.324119 | 8.14.07.25.03
ESET NOD32 | Win32/InstalleRex.M potentially unwanted application | 7.0.302.0
F-Secure | Gen:Variant.Kazy.324119 | 11.2014-25-07_6
G Data | Gen:Variant.Kazy.324119 | 14.7.24
K7 AntiVirus | Trojan | 13.181.12846
Kaspersky | Trojan.Win32.AntiFW | 15.0.0.494
Malwarebytes | PUP.Optional.InstalRex | v2014.07.25.03
McAfee | PUP-FMK | 5600.7058
MicroWorld eScan | Gen:Variant.Kazy.324119 | 15.0.0.618
NANO AntiVirus | Riskware.Win32.InfoLeak.cvgqot | 0.28.2.60990
Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015
Quick Heal | Trojan.AntiFW.A5 | 7.14.14.00
Reason Heuristics | Adware.WebPick.Installer.N | 14.8.1.0
Sophos | InstallRex | 4.98
Vba32 AntiVirus | Downware.TSU | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 31208

File size:
310.7 KB (318,176 bytes)

Product version:
1.0.0.3

Copyright:
Copyright © 2014 ClearAsky Installer

Original file name:
TSULoader.exe

File type:
Executable application (Win32 EXE)

Installer:
Tarma Installer

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\skypemoticons.exe

File PE Metadata
Compilation timestamp:
3/12/2013 3:51:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:hr5bUzkuvcBYC47l2xGnV6OjJaV490B6lKPk3JDEbk0teSVtw:hrqkuveY3RnV6c800oIpbv0SVtw

Entry address:
0x14DB

Entry point:
55, 8B, EC, 81, EC, 2C, 06, 00, 00, 53, 56, 33, DB, 57, 66, 89, 9D, DC, FB, FF, FF, 89, 5D, F4, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 08, 44, 40, 00, FF, 15, 70, 30, 40, 00, 8B, F8, 8D, 45, EC, 50, FF, 15, 6C, 30, 40, 00, FF, 15, 68, 30, 40, 00, 8B, F0, F7, D6, 33, F7, FF, 15, 64, 30, 40, 00, 33, F0, 8B, 45, F0, 33, 45, EC, 68, 04, 01, 00, 00, 33, F0, 8D, 85, D4, F9, FF, FF, 50, 53, FF, 15, 60, 30, 40, 00, 85, C0, 75, 41, FF, 15, 5C, 30, 40, 00, 83, F8, 78, 75, 1A, 68, A8, 32, 40, 00, E8, 43, FB, FF, FF...
 

Entropy:
7.9533

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file skypemoticons.exe has been seen being distributed by the following URL.
