skype-600126-baixaki-32-bits.exe

The application skype-600126-baixaki-32-bits.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from dl.baixaki.com.br.
MD5:
c64ba84a095b289e2000de0b2bf2ec6a

SHA-1:
0704c84a65e0dc55a9e43d6924099128bb10a839

SHA-256:
d60231a4bab1e43f4d2d5140ed7ce7814c8f8a5b3d1c8f4750415f98334ebc58

Scanner detections:
19 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/27/2024 3:24:27 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.InstallCore | 7.1.1
Avira AntiVirus | PUA/InstallCo.AB | 8.3.1.6
Comodo Security | UnclassifiedMalware | 22737
Dr.Web | Adware.InstallCore.75 | 9.0.1.0301
ESET NOD32 | Win32/InstallCore.AY potentially unwanted (variant) | 9.11926
Fortinet FortiGate | Riskware/InstallCore | 10/28/2015
F-Prot | W32/InstallCore.V2.gen | v6.4.7.1.166
IKARUS anti.virus | AdWare.SuspectCRC | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.205.16533
McAfee | Artemis!C64BA84A095B | 5600.6598
NANO AntiVirus | Trojan.Win32.InstallCore.cqleod | 0.30.24.2487
Qihoo 360 Security | Win32/Virus.Adware.b88 | 1.0.0.1015
Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.151026
SUPERAntiSpyware | Adware.InstallCore/Variant | 9542
Trend Micro | TROJ_GEN.R0CBC0EAO15 | 10.465.28
Vba32 AntiVirus | BScope.Malware-Cryptor.InstallCore.2691 | 3.12.26.4
VIPRE Antivirus | InstallCore | 41932
ViRobot | Trojan.Win32.A.Dynamer.1113464[h] | 2014.3.20.0
Zillya! Antivirus | Adware.InstallCore.Win32.726 | 2.0.0.2282

File size:
1.1 MB (1,113,464 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\skype-600126-baixaki-32-bits.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:EyLjcT2jsJ4EZbSjTXOfx2jwzpoHtzMfn0UfmuD9Celu4to:En2jsfbSHOfx2jwzpoHmf0U+uD99b

Entry address:
0xCD3F0

Entry point:
55, 8B, EC, 83, C4, F0, B8, BC, AA, 41, 00, E8, 34, D4, FF, FF, 2C, 01, 74, 05, 0F, B7, 5C, 24, 30, 8B, C3, 83, C4, 44, 5B, C3, 8B, C0, FF, 25, 48, A1, 46, 00, 8B, C0, FF, 25, 44, A1, 46, 00, 8B, C0, FF, 25, 40, A1, 46, 00, 8B, C0, FF, 25, 3C, A1, 46, 00, 8B, C0, FF, 25, 38, A1, 46, 00, 8B, C0, FF, 25, 34, A1, 46, 00, 8B, C0, FF, 25, 30, A1, 46, 00, 8B, C0, FF, 25, 2C, A1, 46, 00, 8B, C0, 53, 56, BE, E0, 95, 46, 00, 83, 3E, 00, 75, 3A, 68, 44, 06, 00, 00, 6A, 00, E8, A8, FF, FF, FF, 8B, C8, 85, C9, 75, 05...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
837.5 KB (857,600 bytes)

The file skype-600126-baixaki-32-bits.exe has been seen being distributed by the following URL.
