home

skype-6-18-0-106-32-bits.exe

No Zebra Network Ltda.

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application skype-6-18-0-106-32-bits.exe by No Zebra Networka has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from gerenciador.nzs.com.br and multiple other hosts.
Publisher:
No Zebra Network Ltda.  (signed and verified)

MD5:
1bdae796e3b5c7a38698bcb76c5e605e

SHA-1:
88a0fa913ed01869f54561c738c8b1657273a35b

SHA-256:
5f7ebfe48fa87e9000c4973690237ccf1b88c4fdc6157c1aace15233ba02acd3

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 7:58:59 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2016.0.3069

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.15624

ESET NOD32
Win32/InstallCore.OZ (variant)
9.10418

F-Prot
W32/InstallCore.AC.gen
v6.4.7.1.166

K7 AntiVirus
Unwanted-Program
13.183.13358

Malwarebytes
PUP.Optional.InstallCore
v2015.06.24.02

McAfee
Artemis!1BDAE796E3B5
5600.6725

Reason Heuristics
PUP.NoZebraNetworka.Installer (M)
15.6.23.22

VIPRE Antivirus
InstallCore
33134

File size:
672.5 KB (688,640 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\skype-6-18-0-106-32-bits.exe

Digital Signature
Signed by:
No Zebra Network Ltda.

Authority:
Thawte, Inc.

Valid from:
8/11/2014 9:00:00 PM

Valid to:
8/12/2015 8:59:59 PM

Subject:
CN=No Zebra Network Ltda., OU=IT, O=No Zebra Network Ltda., L=Curitiba, S=Paran, C=BR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
49D9BC150ECE10C921669720128B3CF3

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:13vphhFENMflQs5t/xFt3F6kmaYtUcsWRzgoEL9qYG516v6IjEfH2gnjlB:13vDhFEKflQsDxFtVR3rc7Rzg3L9g16Y

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file skype-6-18-0-106-32-bits.exe has been seen being distributed by the following 5 URLs.

http://gerenciador.nzs.com.br/nocache/programas/urls/iron/.../skype-44-21-4102921.exe

http://gerenciador.nzs.com.br/nocache/programas/urls/iron/.../skype-94-61-4102941.exe

http://gerenciador.nzs.com.br/nocache/programas/urls/iron/.../skype-9-32-4102941.exe

http://gerenciador.nzs.com.br/nocache/programas/urls/iron/.../skype-73-41-4102931.exe

http://gerenciador.nzs.com.br/nocache/programas/urls/iron/.../skype-84-32-4102931.exe

Remove skype-6-18-0-106-32-bits.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.