» skinpack windows10 v10.0.exe
Overview
Analysis
File Details
Downloads (1)
Network (5)

skinpack windows10 v10.0.exe

The application skinpack windows10 v10.0.exe has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from fs.freewareupdate.com. While running, it connects to the Internet address static.115.96.63.178.clients.your-server.de on port 443.

File name:

MD5:

174de3540d9ad5a567e546f0e8b5f051

SHA-1:

0b18cfd59bc9f44231b86406410f11f26329f8fd

SHA-256:

eaf16c1d01004be28428739d89de7d205e2521ea7069205e6817cb337d5f4f3f

Scanner detections:

7 / 68

Status:

Potentially unwanted

Analysis date:

5/1/2024 3:15:01 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Optimizer

2017.0.2870

Dr.Web

Trojan.KillProc.35429

9.0.1.08

Fortinet FortiGate

Riskware/Sim

1/8/2016

McAfee

Artemis!174DE3540D9A

5600.6526

NANO AntiVirus

Riskware.Nsis.Downloader.dvsumk

1.0.14.5380

Quick Heal

Ransom.Gimemo.C4

1.16.14.00

Zillya! Antivirus

Trojan.Virlock.Win32.45721

2.0.0.2595

File size:

21.6 MB (22,614,610 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

File PE Metadata

Compilation timestamp:

8/5/2015 3:46:27 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

393216:clmVTvyDCrAtSgnaXs53ABjndn6tVBNHgX/LSWRgMu+Ugz5qXtVUlV:YmNIxrnV5wB7dn6tr5igYUgzoM/

Entry address:

0x3217

Entry point:

81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 09, A3, B8, 37, 42, 00, E8, 05, 2E, 00, 00, A3, 04, 37, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, B8, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, 00, 2F, 42, 00, E8, AF, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 9D, 2A... 
[+]

Entropy:

7.9999

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file skinpack windows10 v10.0.exe has been seen being distributed by the following URL.

http://fs.freewareupdate.com/Download/skinpack/.../SkinPack Windows10 v10.0.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to static.115.96.63.178.clients.your-server.de (178.63.96.115:443)

TCP (HTTP):

Connects to server-54-230-149-27.sin2.r.cloudfront.net (54.230.149.27:80)

TCP (HTTP):

Connects to server-54-230-149-112.sin2.r.cloudfront.net (54.230.149.112:80)

TCP (HTTP):

Connects to server-54-192-3-140.lhr5.r.cloudfront.net (54.192.3.140:80)

TCP (HTTP):

Connects to server-54-192-203-38.fra50.r.cloudfront.net (54.192.203.38:80)

Remove skinpack windows10 v10.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.