skypesetup.exe

The application skypesetup.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. According to Microsoft Security Essentials, the software includes a bundle of the DealPly adware, which is installed on a user's PC during setup using the InstallCore platform. The file has been seen being downloaded from downloader.downloadinfo.co, a known adware distribution point operated by Downloadinfo, and from multiple other hosts.
MD5:
1c98559b3f2c8772701176b3658bc516

SHA-1:
9c3877aecfcabf352bc363bf97a106a4ce1930aa

SHA-256:
6e8a90f9398c3edf53a75e6bf1b23861367fce4563b7c0345ef17499aba19768

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
This software bundler installs other potentially unwanted software, including DealPly, which includes offers in a user's web browser that state they are "Powered by DealPly".

Analysis date:
12/26/2024 12:20:24 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.InstallCore | 14.07.08 |
| Avira AntiVirus | | 7.11.137.98 |
| Comodo Security | UnclassifiedMalware | 17938 |
| Dr.Web | Adware.InstallCore.80 | 9.0.1.0189 |
| ESET NOD32 | Win32/InstallCore.AZ (variant) | 8.9548 |
| F-Prot | W32/InstallCore.W.gen | v6.4.7.1.166 |
| Microsoft Security Essentials | | 1.10302 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14706 |
| Sophos | Install Core | 4.98 |
| VIPRE Antivirus | InstallCore | 27434 |

File size:
1.1 MB (1,203,848 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\skypesetup.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:OVUoZA0BgSpdjVwc8APvNkTvG0wEYur8xG6vuTkdTisspiMO7:yZTBgSpHKAeTvG0dYur8xciTis

Entry address:
0xD6810

Entry point:
55, 8B, EC, 83, C4, F0, B8, B8, FD, 41, 00, E8, 29, F4, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
869.5 KB (890,368 bytes)

The file skypesetup.exe has been seen being distributed by the following 6 URLs.

http://downloader.downloadinfo.co/?id=c78d4cea467af8c88eb24161a2fc3a35a48a7340&ts=1357411420&r=/review/.../?kw=skype account sign in&subid=DISKUS&cust=skype account sign in&type=skype&gclid=CMiX29_v0bQCFYYWMgodoQUAFA&utm_campaign=DISKUS&fwd=1

http://downloader.downloadinfo.co/?id=c78d4cea467af8c88eb24161a2fc3a35a48a7340&ts=1357323054&r=/review/.../?kw=skype&subid=DISKUS&cust=skype&type=skype&gclid=CMD6s8emz7QCFcqY4Aodc3IA3w&utm_campaign=DISKUS&fwd=1
