tunesup-for-skype-2-0-0-74-beta-en.exe

HLT Hausleittechnik GmbH, Germany

The executable tunesup-for-skype-2-0-0-74-beta-en.exe, “TunesUp 2.0 (Beta) Setup ” has been detected as malware by 20 anti-virus scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from dw4.en.uptodown.com.
Publisher:
HLT Hausleittechnik GmbH, Germany

Description:
TunesUp 2.0 (Beta) Setup

Version:
2.0.0.74

MD5:
42f44948cdc1e09e2488dd0fa7c71550

SHA-1:
72ec28b7caec0d2266eda4b5bfd05a123f065232

SHA-256:
e109add761d8075cc234b85cf20f8febe8c63cb377ed09aa2f18b3f414452493

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
12/27/2024 7:02:36 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Backdoor.Generic.86062
493

Agnitum Outpost
Backdoor.Agent
7.1.1

AVG
BackDoor.Generic13
2016.0.2971

Bitdefender
Backdoor.Generic.86062
1.0.20.1365

Comodo Security
UnclassifiedMalware
21248

Emsisoft Anti-Malware
Backdoor.Generic.86062
8.15.09.30.11

F-Prot
W32/Backdoor.BYRR
v6.4.7.1.166

F-Secure
Backdoor.Generic.86062
11.2015-30-09_4

G Data
Backdoor.Generic.86062
15.9.25

IKARUS anti.virus
Backdoor.Win32.SuspectCRC
t3scan.1.8.6.0

McAfee
Artemis!42F44948CDC1
5600.6627

MicroWorld eScan
Backdoor.Generic.86062
16.0.0.819

NANO AntiVirus
Trojan.Win32.BYRR.bukms
0.30.0.296

Norman
Suspicious_Gen3.AONP
11.20150930

nProtect
Backdoor.Generic.86062
15.02.27.01

Qihoo 360 Security
Win32/Trojan.Downloader.6c4
1.0.0.1015

Sophos
Mal/Generic-L
4.98

Vba32 AntiVirus
Backdoor.Hupigon
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
38008

ViRobot
Backdoor.Win32.S.Agent.2485081[h]
2014.3.20.0

File size:
2.4 MB (2,485,081 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\tunesup-for-skype-2-0-0-74-beta-en.exe

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:76dVItoJV03KGS/DHu8iME+n/VnYOqGyXM+1S+SLCxM3JNgR/oCui1XukX4:edasVDGS75E+n/VgrXMMS+Si+gR/V1Xk

Entry address:
0x97F0

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, D6, 98, FF, FF, E8, DD, AA, FF, FF, E8, 00, CD, FF, FF, E8, 47, CD, FF, FF, E8, 3E, F3, FF, FF, E8, A5, F4, FF, FF, 33, C0, 55, 68, 9A, 9E, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 50, 9E, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 5A, FA, FF, FF, 8D, 55, F0, 33, C0, E8, C0, D1, FF, FF, 8B, 55, F0, B8, D4, BD, 40, 00, E8, 87, 99, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D4, BD, 40, 00, B2, 01, B8...
 
[+]

Entropy:
7.9961

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file tunesup-for-skype-2-0-0-74-beta-en.exe has been seen being distributed by the following URL.

Remove tunesup-for-skype-2-0-0-74-beta-en.exe - Powered by Reason Core Security