skypesetup.exe

Skype

Innovative Systems LLC

The application skypesetup.exe by Innovative Systems has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from skype.joydownload.com and multiple other hosts.
Publisher:
Innovative Systems LLC  (signed and verified)

Product:
Skype

Version:
1.0.0.0

MD5:
abb99f5bf79d945c733ef1e76ae27bcc

SHA-1:
be7264fa86e6c54da7170d6455ba535561abd010

SHA-256:
01d9cceb2fcaad68cfacad40cbce3ed79c4af4c916e57f0d0a668454a4aa831d

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/27/2024 5:26:59 PM UTC  (today)

Scan engine               Detection                           Engine version

Agnitum Outpost           Riskware.OpenCandy                  7.1.1
AhnLab V3 Security        PUP/Win32.OpenCandy                 2014.07.20
avast!                    Win32:Adware-gen [Adw]              2014.9-140806
AVG                       Generic                             2015.0.3391
Clam AntiVirus            Win.Trojan.Opencandy                0.98/21411
Comodo Security           Application.Win32.OpenCandy.~WD     18598
Dr.Web                    Adware.Downware.5295                9.0.1.0218
ESET NOD32                Win32/JoyDownloader                 8.10122
IKARUS anti.virus         PUA.JoyDownloader                   t3scan.1.6.1.0
K7 AntiVirus              Unwanted-Program                    13.180.12456
Malwarebytes              PUP.Optional.OpenCandy              v2014.08.06.11
McAfee                    Adware-Opencandy                    5600.7047
NANO AntiVirus            Riskware.Win32.OpenCandy.cxlnia     0.28.0.60253
Reason Heuristics         PUP.Installer.InnovativeSystems.K   14.8.6.11
Rising Antivirus          PE:PUF.OpenCandy!1.9DE5             23.00.65.14804
Sophos                    Generic PUA LO                      4.98
Trend Micro House Call    Suspicious_GEN.F47V0715             7.2.218
VIPRE Antivirus           Opencandy                           31402

File size:
489.6 KB (501,384 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\skypesetup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/19/2014 4:00:00 AM

Valid to:
5/20/2015 3:59:59 AM

Subject:
CN=Innovative Systems LLC, O=Innovative Systems LLC, L=Dnepropetrovsk, S=Dnepropetrovska oblast, C=UA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
450EACFE8D673E82864CE46BC1A92FCA

File PE Metadata
Compilation timestamp:
5/20/2013 3:53:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:DKcfLvynSahdYEkY9cI4FwU/XWdeu215mzjr:VjvynSi6Zudeu21gzjr

Entry address:
0x333E

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 80, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 08, A3, 78, 4F, 43, 00, E8, A8, 2E, 00, 00, A3, C4, 4E, 43, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, F0, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, 7C, A3, 40, 00, 68, C0, 3E, 43, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, 01, 2B, 00, 00...
 

Entropy:
7.8556

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file skypesetup.exe has been seen being distributed by the following 19 URLs.

