skypesetup.exe

Skype

Innovative Systems LLC

The application skypesetup.exe by Innovative Systems has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from skype.joydownload.com and multiple other hosts.
Publisher:
Innovative Systems LLC  (signed and verified)

Product:
Skype

Version:
1.0.0.0

MD5:
6c8df51faecc6320e3f35c7ddeafb97e

SHA-1:
e14fe58332c6199f5c55c9617fb30f0ee01d1f5c

SHA-256:
a0bb412b35920c14ce50be570fa8700d5aa58cb309c89dfa32f3337ccedb01e6

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/25/2024 10:17:03 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.OpenCandy
7.1.1

AhnLab V3 Security
PUP/Win32.OpenCandy
2014.08.22

Avira AntiVirus
APPL/Downloader.Gen
7.11.168.220

avast!
Adware-gen [Adw]
2014.9-140908

AVG
Generic
2015.0.3358

Baidu Antivirus
Adware.Win32.OpenCandy
4.0.3.1498

Clam AntiVirus
Win.Trojan.Opencandy
0.98/21411

Comodo Security
Application.Win32.OpenCandy.~WD
18598

Dr.Web
Adware.Downware.6712
9.0.1.05190

ESET NOD32
Win32/JoyDownloader.D potentially unwanted application
7.0.302.0

G Data
Win32.Adware.OpenCandy
14.9.24

IKARUS anti.virus
PUA.JoyDownloader
t3scan.1.7.5.0

K7 AntiVirus
Unwanted-Program
13.180.12456

Malwarebytes
PUP.Optional.OpenCandy
v2014.09.08.08

McAfee
Artemis!6C04318E1E19
5600.7014

NANO AntiVirus
Riskware.Win32.OpenCandy.cxlnia
0.28.0.60253

Reason Heuristics
PUP.Installer.InnovativeSystems.K
14.9.8.8

Rising Antivirus
PE:PUF.OpenCandy!1.9DE5
23.00.65.14906

Sophos
OpenCandy
4.98

Trend Micro House Call
TROJ_GEN.F47V0604
7.2.251

VIPRE Antivirus
Opencandy
32442

File size:
493.3 KB (505,144 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\skypesetup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/19/2014 3:00:00 AM

Valid to:
5/20/2015 2:59:59 AM

Subject:
CN=Innovative Systems LLC, O=Innovative Systems LLC, L=Dnepropetrovsk, S=Dnepropetrovska oblast, C=UA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
450EACFE8D673E82864CE46BC1A92FCA

File PE Metadata
Compilation timestamp:
5/20/2013 2:53:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:5KcfLUCh0w8Gx+npRs8kdQtsJlf7ZLyb8wcz:vjUCqw8M+nnGmkf7ZLyb8b

Entry address:
0x333E

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 80, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 08, A3, 78, 4F, 43, 00, E8, A8, 2E, 00, 00, A3, C4, 4E, 43, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, F0, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, 7C, A3, 40, 00, 68, C0, 3E, 43, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, 01, 2B, 00, 00...
 
[+]

Entropy:
7.8560

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file skypesetup.exe has been seen being distributed by the following 37 URLs.

http://skype.joydownload.com/get_file/wUiS4WnYccXBwj sXP7oQkEsnl0kPTqmHxz1cteQv A8/zyn9np5iNEMJ1Xmaqn3fHm6ykYNeiPVWby1E w9wr1gzc6eAwST CS7BkL9qi3m16DDpZrSkGdBs/ZryhUXNyPjT35rwYt87CC5UGKZSq4IkYSha2ZOLftuPRNMOar9RDkkMY6bNBBhhqLuAGZ8LJf5kuc2BHu7sVzdl7xmBpivL4G8ZDJW2MuvWrB6y0JSrpr2zlL7ZLg2zni0CJZX78z4SX/.../rBwfhoojvig==

http://skype.joydownload.com/get_file/wUiS4WnYccXBwj pXP7oQlssmVx1NT6tCk26IIWR4PE9tG//pmlyytgOJU/jY/j2OXmulgsEZjbOCeLkErY90bhnxdSWRAaS9T24VRLlszi1iP/Dr9reg2gIq5c6kREGRn3kAD9/hsI79WjwWGmLH/9Ow4TrMD0VL Bse0dIcL38FXB8ctyIf08wh LuFCw3eofz1ukyHGL5uFvPlu04XdH9LJPnKjMAzcr F wujV5OpMion1O7ZKl/hXX/.../wgr4RV2mhGFi79ojvig==

http://skype.joydownload.com/get_file/wUiS4WnYccXBwj pXP7oQlssmVx1NTmnEgqmOZ T6bJ/qCeisGMxwd4EPwS8IfupLXj/yldSIDrVT/.../gl7RhHGL5uFzFjv1uBZW5d9ClLHtf1dP9RL02lF4f7oLvjFv fKE2nSqsEZkCspPuAWvi8JuTkD4hYLdRTsc3P3Ux5arnRFg0nB3p3dxAEiziDgz1pZjvig==

http://skype.joydownload.com/get_file/wUiS4WnYccXEwj /TeqjC1c0kw48PjymGBzwZdvVsOh152b0sC4rn8kFbk3hYqn PXK7xFNKOSCGGOO1Qexj0bIjzsSXFQ2T7SS7Bkf3smnr0raR8oiR1CEXs55ziVBIRjX8Q34ghshq9CjwSCPAFK5Xi83iPSUGa78gJFsFN6XlACMjLdzFZREjiKv2cX1sONCRhKlwTnfv g/dl7xmB5ivM5v6fXoF1cC2XuMmlQ9Krpr2zlL/ZLgyznLyXIge/Mz4SX/.../rBwfhoojvig==

http://skype.joydownload.com/get_file/wUiS4WnYccXEwj 8WvauHEA0kxQ8PDK1GR/zcteQv A8/yWn9np5iNENJ1Xma73uNDC2wl5KbSCeEKqtH78lhOA kJnaRB6avCX7BlSu4S tgLbbrNPKkGFZqtY6gF9QEi/zGDU2nsUj7Cn4W2SdR65Xi83jPSVDLKs5bBIOOb32RHE8cs/.../SPsvxhcU6Yn9j175ZqJynG sB8VPuJ7nFmvi8JuRniYyBO0KBdFebDtm8PzyVU9zhVW61NdWUHW1FAaqqZvvig==

http://skype.joydownload.com/get_file/wUiS4WnYccXAwj 1RrjxCgghkkVxZmbzR1 xcteQv I253eq ysyl4pHaAW7erC/NXa20hcDeyPZCeLkErY90fk5kNSWRAaS9T35D0Dlszi1jf/D 5GYyCEes55piVRGVXalCzt2k8MivSH5UHHaGehOw57rNjxEYrs4PVxLIaS0XHt1as/cLVgoiKv2RH95LZf5kuc0CmOo0QGG3KoPUdb4MNz7JyRO1IK3G M2yUJJud2/n1O7ZKl/hS2hAt1Wrc24SWuv6sWCkW8qYbxRR4Y8PnskounkFxlrnE/.../yoYjvig==

http://skype.joydownload.com/get_file/wUiS4WnYccXAwj 1RrjxCgghkkVxZmbzR1 xcteQv A8/zyn9np5iNEMJ1Xmaqn3fHm ykYcdnGHWOOmEqc20bIjzsWXFUzIqz3zT0z0smm iPPDpZrSlWlZ98xs1kdJF3ymDjRn95hgvn6ZDyfcAKIJgJLzPHQNbrMgelBPau2iRHEmcs/KJxsghKDhFSQuO4/.../92Vz2ouQPFnfQvDpS3YpTxMyUJndO2XuMnlQ8U6onvhhvybaBn0XXyEcQe5MGxUXvrspaUnT4rJLxCRY4vbSZg8L72VF8j0gS7lNdBGT6iXUSz9ojvig==

http://skype.1-136-221747.5406df1f187cc.jdcdn.net/get_file/Rug-ZJkqt2BVxZUKrx1hyw/1409740079/1/12/1/.../SkypeSetup.exe

http://skype.joydownload.com/get_file/wUiS4WnYccXBwj qXP7oQkEsm10kPjuhChOxatjZp7VvsTDsqSt4yt8EPyS8IfupXCb4hRRGZyvZCeLkErY90f85kNSWRAaX9T36DkfwvHytgLbbrNPKziBZqtY6hF9QEy/5XmEy19EivSH4UHHdBK5Xi83gPSUGerJxJR4FIfq/FiM9LdzFfxEjiKHtGiUjeYD02q4/D2mwoA6W378wVdv4Mp68ZDJW2suvXrJt30gH5sv3jlLqN/MhhSflCc1X/.../O IWB5Y2enUguvCmGhtzhVW61NdWUHW1FAaqqZvvig==

http://skype.joydownload.com/get_file/wUiS4WnYccXBwj zXP7oQkEsml0kPjq1E1v4YtbB8ack5ib0o2JgyskFbk3lYqmjfGG3g15fOHHLQrfzR/J00bIjzsCXFVnZv3a6WVT84XG j/TRrd7elWpDqtY6gF9QFy/.../CmOo5AOTye1nR5i8dMi8DCoVn5TeSK1h3wNApd3vhhvybaBn0XXyEcQe5MGxUXvrspaUnT4rJLxCRY4vbSZg8L72VF8j0gS7lNdBGT6iXUSz9ojvig==

http://skype.joydownload.com/get_file/wUiS4WnYccXEwj /TeqjC1c0kw48PjymGBv6YtvVseh152b0sCgrn8kFbk3kYqn9PHWuyxdSMGmeRKq1E/Y9xLNyg5/DU1PWvD3zT0z0smnm0qHDpZrSk2lZoJciiBZIUHy1XGcpwdEivSH7XmmLI cViJKCYnNCKKdnZ00dOOz9VHBtPIrcLVgojav2EzQuO4/x2/.../JHkHy288YOb2SYjbaRCQoUvMjwps i1W0M1nB3z3dtOAS7jBwr3pIjvig==

http://skype.joydownload.com/get_file/wUiS4WnYccXAwj 1RrjxCgghkkVxZmbzR1 xcteQv U8/zC24jEwnskFdE3mbLr8PnK0xFVbOSCGGOO1Xuxj0bIjzsCXFQ6T/ij8C1T8 3G9geeV6svT0mlKq4cxkV4BXnWtGGcswNEivSH4UHGYQq5Xi83iPSVEMe0gJEEFMqS0XH51apiXek4wh LuEyIvauapmK1gbTz 9xrRybc5Fpn esOuZWMIhoL9Qbht2l9J/.../rFAz0oojvig==

http://skype.joydownload.com/get_file/wUiS4WnYccXBwj pXP7oQlssmVx1NTutCl6rNM7Y9ukw53f8oGl1z9wcJgTtarHuYDCuyxdSNWmeXLD5TOpwgKtrh8yZDR7HpnOtHk20snq7geey9ZCYxAAe5dBwnQAKAWSsSTR0lMk7qnK5Gj/ICfkelNXqdD0CYqtxdFFPZr38FXB9ctyKYgkpz6vlGDQkao6x2 s/HDzy8gONye1nXZi8dMKnZ3Rd38C6FqounBcHtNGpn1O7ZKh/.../rFAz0oojvig==

http://skype.joydownload.com/get_file/wUiS4WnYccXAwj 1RrjxCgghkkVxZmbzR1 xcteQv A8/zyn9np5iNEMJ1Xmaqn3fHm/ykYeazeeEKqtHr8lwbthw8KaFQfS9SzyHgau7Gm0yP/SpMvZkmVZqtY6h19QAi/7Xyx 18ko iHoOTjQAOk/.../VtDoC8YsntZXJWzYLkSfsvxhcU5sv3jFjyfP4s1Gz6UoYYrJupSDrjtpuC2XdpJ NRTsc3P3Ux5arnRFg0nB3p3dxAEyXmAArzpZPvig==

Latest 30 of 37 download URLs

Remove skypesetup.exe - Powered by Reason Core Security