skypesetup.exe

Skype

Innovative Systems LLC

The application skypesetup.exe by Innovative Systems has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from skype.joydownload.com and multiple other hosts.
Publisher:
Innovative Systems LLC  (signed and verified)

Product:
Skype

Version:
1.0.0.0

MD5:
53e8da892a7ffc9e787ef7041a7ecf6e

SHA-1:
c11346fe1031cc7825584f26b1774ecede160e69

SHA-256:
15632dc0a038ceafebaba24af2a0daba5493e32dda62afee13282dadd0bf34c9

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/25/2024 10:25:29 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.OpenCandy
2014.11.14

Avira AntiVirus
APPL/Downloader.Gen
7.11.185.132

avast!
Adware-gen [Adw]
2014.9-141119

AVG
OpenCandy
2015.0.3285

Baidu Antivirus
Adware.Win32.OpenCandy
4.0.3.141119

Clam AntiVirus
Win.Trojan.Agent-803351
0.98/21411

Comodo Security
Application.Win32.OpenCandy.~WD
18598

Dr.Web
Adware.OpenCandy.55
9.0.1.0323

ESET NOD32
Win32/JoyDownloader
8.10297

G Data
Win32.Adware.OpenCandy
14.11.24

IKARUS anti.virus
PUA.JoyDownloader
t3scan.1.7.5.0

K7 AntiVirus
Unwanted-Program
13.180.12456

Malwarebytes
PUP.Optional.OpenCandy
v2014.11.19.10

McAfee
Artemis!53E8DA892A7F
5600.6941

NANO AntiVirus
Riskware.Win32.OpenCandy.cxlnia
0.28.0.60253

Reason Heuristics
PUP.Installer.InnovativeSystems.K
14.11.19.22

Rising Antivirus
PE:PUF.OpenCandy!1.9DE5
23.00.65.141117

Sophos
OpenCandy
4.98

Trend Micro House Call
Suspici.792C221A
7.2.323

Trend Micro
ADW_JOYLOAD
10.465.19

VIPRE Antivirus
Opencandy
32442

File size:
496.4 KB (508,264 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\skypesetup.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/19/2014 9:00:00 AM

Valid to:
9/20/2015 8:59:59 AM

Subject:
CN=Innovative Systems LLC, O=Innovative Systems LLC, L=Dnepropetrovsk, S=Dnepropetrovska, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
09A91C40EAE34E72CD975B0B218AE4BA

File PE Metadata
Compilation timestamp:
5/20/2013 8:52:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:MQgL+gW+muwOkRJgD/2y/cOv/hE2NKZcuOgyB38bxgp6:tS+8LIJI2bG/mRyVIR

Entry address:
0x331F

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 70, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, D8, 7A, 7A, 00, E8, A8, 2E, 00, 00, A3, 24, 7A, 7A, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, D0, EE, 79, 00, FF, 15, 7C, 71, 40, 00, 68, 7C, 93, 40, 00, 68, 20, 6A, 7A, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 71, 40, 00, BB, 00, 20, 7B, 00, 50, 53, E8, 01, 2B, 00, 00...
 
[+]

Entropy:
7.8653

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file skypesetup.exe has been seen being distributed by the following 32 URLs.

http://skype.joydownload.com/get_azure_file/wUiS4WnYccXBwj pXP7oQlssmVx1NTutClirNM7Y9uk153f/oW5gwJgELk31LuKoLXj/ylJSIGGOGe2hHac8gLNmztTLWFDFqm3qBwX9u3GtifbQvNKbm2BBs8xp10dJF3ylACx3kNEivSH UHHPGeAJ2syiPTYDYqtxdFFPZuyiEj8/ZpuGcwkpz6vmGDR6O5f5kucyBHv96wSbw7gvFpn esSkfSQUn5j/SPsvxhcU6Yn6ilH9a61xnG sAs9X/.../rBwfhoojvig==

http://skype.es.joydownload.com/get_azure_file/wUiS4WnYccXEwj /TeqjC1c0kw48PjymHhH6Z9vQtuh152f0sDcx2dBNJ0DtevylYSfjhxdKOSCGGOO1Xuxj0bIjzsCXFQ6T/Sv CVT8 3G9geeV6svT0mlKq4cxkV4BXnWtGH4swNEivSH5UHGYQ7pOw4TrNjcNeu1rbFhTYuayFCZtc43EIxEwz/qtUnM3c8b40ucnTTDuoFGWlv5nR5i etD3NiVO1IK3H M2nRkH5sv3iVLqOPMpwj6tQMVc6s2pACKg88TTz2hlJ6gWDdEvMjwptui1S0U92kPyxdYHGS/.../woojvig==

http://skype.il.joydownload.com/get_azure_file/wUiS4WnYccXDyCf4UfO5CV530RJ0YyqsWxL3as6Q7qp2uHf14WJ0wclbZQe Ku7uNCq2wVBZNGCIHuyvEb50ybtq1pneFQfS9SjyHgGu5i/gzLbDpZrSkmlZ58xkkV4BXnCtGDx3lscv znxGWmdSq4KkZu0JTxEYrg2JQpMaOa3AzkqPIuOOE5q2bPvUSwncpe2lf8 TWO7uEjOjvQvDpG3Ypv3O2NXnMu/F/smmw8eroL h0q4N/5nnG sAMVP78S9UXKquZKaiG95M6RIHI48Mjwptui1S0U92kPyxdYHGS/.../woojvig==

http://skype.joydownload.com/get_azure_file/wUiS4WnYccXBwj sXP7oQkEsnl0kPTqlHB73cteQv A8/yan9np5ktEPJgTtbrHuaSzglAEaIGjPEeqtCrc0wqtrh8yeDR7RpnvqBwX9u3GtivbXvNKbm2dBs8Np3wBQXzWtCzp/hoByt2uvGTbdBfxCnY 0JTxEYrs4PVxLIaS0XHt1as/cLVgojaHuAHJ8O8WugKRwTDWouRnFmfV R8n0MJe8ZDJW2cuvSKFkxl9A/.../UlK04Ijvig==

http://skype.joydownload.com/get_azure_file/wUiS4WnYccXAwj uQbjxCggnkkU3LTPkEhv4cp K4fE9tG//qSt4yNEcax6zerC/NXW20lZaMGeKHvusW780yas5nZKPDE b/SXqDkLlszi1ivXbvI2B0iMX8Nx1wQlQXzWtDzRn15hgvn7oUSCTRrZOnpi9Y2JFerJxJRsFIa30V2h0O8TILAl3xOG9UHM3c9z40Ok0CW6zs1zIlfQvDpG3YoL3O2NXnMu F/.../UlK04Ijvig==

http://skype.joydownload.com/get_azure_file/wUiS4WnYccXBwj pXP7oQlssmVx1NTutCkGrNM7Y9uk053f8pnp5iNEMJ1W4K6n3fHm7ykYfaz3YRK7kCr50yb9q1pDCW1jEvT3zT0z0smm9iPTDpZrSkmlZ58xkkV4BXnCtGDx3lscv znxGWmaSq4ckZPzPHQNa7MgLhsJIaS0XHt/.../HCrh xqajvQvDpa3YpT3MyRO1IK3HO0ujV5OpMiozg28K prwmTzEcQe5MWxUT2toZrTkC0qdbdRTsc3P3Ux5arnRFg0nB3p3dxAEinoAQr6qpLvig==

http://skype.joydownload.com/get_azure_file/wUiS4WnYccXBwj zXP7oQkEsml0kPTy1E1v4ZtbB4Kt2tCersGMrwdoKLEHlb7j9OHq3g15aOHHIX/usW782yath1s3eDQ b7WmhWFT8 3G5gefTrNvcl2ZZqtY6glVIRiL SX4pxYpsvHfoUSCTRbZOi5yod2IVY/o4LBIdc/.../wgp4RV2mhGFi79ojvig==

http://skype.es.joydownload.com/get_azure_file/wUiS4WnYccXBwj qXP7oQkEsm10kPjuhChOxatrZp7Z rTy893p5ktEPKUbiYLj8Pne9yxdSMGmeX621E/Y9wrNyxdSWRAaS9T2 VRLlszi1jf/DrNvalWVOs55ziVRCXmTzU301yJJgu2mmSGjaSrlW2oS6fndSerJxJRsFIeyuAmh0IcTPLVgoiKv2RH95LZf5kuc0CmOo8QGG3KovUdb4MNz7JyRO1IK3HuM2xkRB/4O h1ryfKhxhSflCclX/.../UlK04Ijvig==

http://skype.joydownload.com/get_azure_file/wUiS4WnYccXBwj zXP7oQkEsml0kPTy1E1v4YtbB6qAk5ib0pWJgjIJQeRigK6n3fHm6ykYObT/YTqu1E/Y9wLNyxsWcFQfS9SzyHgau7Gm0yP/.../o4KRIdZue3DzgqasWXLBomjafmGy8ne4f5kucxBHvs6waajvQvDpO5etDtNDgcioLoWaxkgUhduJr2zlL6ZLgx0z6tQMVc5NW6UXKquZKaiGp5M6RIBo47M20hsuCjGx9zhVW61NdWUHW1FAaqqZvvig==

http://skype.joydownload.com/get_azure_file/wUiS4WnYccXEwj /TeqjC1c0kw48PjymHRDwY9XStOh152b0sC4rn8kFbk3hYqn PXG4xlFKOSCGGumtCuFugPk8lY/YRVCD9GzyCUzl yD2y6DDpZrSl2lZ98ps1wAARn3kAD1/hsEq/.../UlK04Ijvig==

http://skype.ar.joydownload.com/get_azure_file/wUiS4WnYccXBwj zXP7oQkEsml0kPTy1E1v4Y9bB9bpi/269qGt42doNK1XsK7H4NWHqmQgNIGjPEeijEqd0mPAgkYXIQ0nR4XqwWVT8 3G8geeX943KmiBBp58igVdAUHCiGDU2nsIp9DmuAyDZHO0VjYW9JTxEYrw4PVtUeu iRHE8csjENE190PWxUDQuO4/.../83DWiouRnFmvV Udr9KYD7fXoF1cC5HO8mnBoT5Ij2zlL6ZLgx0z6tQMVc5NW6UXKquZOaiHNjdb0AT4M3Kzh67rb4WllzhVW61NdWUHW1FAaqqZvvig==

Latest 30 of 32 download URLs

Remove skypesetup.exe - Powered by Reason Core Security