skype-6732102-32-bits.exe

The application skype-6732102-32-bits.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the InstallCore installer; however, the file is not signed with an Authenticode signature from a trusted source. The InstallCore engine may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from esd.baixaki.com.br and multiple other hosts.
MD5:
44e899f3c6c621f3fdb322627d06f25d

SHA-1:
cea0ec246106ff44ee3be3754df6d07eb6d2846a

SHA-256:
85764e19ecb7f946d530fed13a410d5365851dc14b5168f3252238d43cb75c23

Scanner detections:
19 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 9:58:53 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| Avira AntiVirus | | 7.11.164.42 |
| AVG | InstallC | 2017.0.2859 |
| Bkav FE | W32.Clodb0d.Trojan | 1.3.0.4959 |
| Comodo Security | Application.Win32.Agent.AS | 18989 |
| Dr.Web | Trojan.Packed.24524 | 9.0.1.019 |
| ESET NOD32 | Win32/InstallCore.BY (variant) | 10.10159 |
| Fortinet FortiGate | Riskware/InstallCore | 1/19/2016 |
| F-Prot | W32/InstallCore.R3.gen | v6.4.7.1.166 |
| K7 AntiVirus | Unwanted-Program | 13.181.12846 |
| Malwarebytes | | v2016.01.19.03 |
| McAfee | Artemis!44E899F3C6C6 | 5600.6515 |
| Qihoo 360 Security | Win32/Virus.Adware.4ec | 1.0.0.1015 |
| Reason Heuristics | PUP.InstallCore.Bundler (M) | 16.1.19.15 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.16117 |
| SUPERAntiSpyware | | 9376 |
| Vba32 AntiVirus | | 3.12.26.3 |
| VIPRE Antivirus | InstallCore.b | 31648 |

File size:
657.8 KB (673,608 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\skype-6732102-32-bits.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:TSyMJfsGLCD3jpE3wvIhnpvISQgq4VcD2TmjWeAesdaGrLM4eOXnf2HKLP117:2yMJfsr3jpC5qIZiWeorMSXnfuu

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file skype-6732102-32-bits.exe has been seen being distributed by the following 2 URLs.
