» Skype_v6.16.0.105.exe
Overview
Analysis
File Details
Downloads (1)
Network (1)

Skype_v6.16.0.105.exe

1.3.9.0.140504.01

ClientConnect LTD

The file belongs to the ClientConnect (Conduit/Perion) platform, a utility that bundles and monetizes search toolbars and browser add-ons. The application Skype_v6.16.0.105.exe by ClientConnect has been detected as adware by 19 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.afterdawn.com. While running, it connects to the Internet address cms.dmccint.com on port 80 using the HTTP protocol.

File name:

Publisher:

ClientConnect LTD (signed and verified)

Product:

1.3.9.0.140504.01

Description:

Setup.exe

Version:

1.3.9.0

MD5:

37ecb46295b4bdd659b6e2ed3f95c374

SHA-1:

211f13f9ef4fca541d2a1b130c7237c2fb0576ce

SHA-256:

00562a45b2f5d453a9b3a576099957879eafc4e43f392c18452769a5543d2442

Scanner detections:

19 / 68

Status:

Adware

Explanation:

Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:

4/26/2024 11:34:37 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Toolbar.Conduit

7.1.1

avast!

Win32:Adware-BRM [PUP]

2014.9-150803

AVG

Generic

2016.0.3028

Baidu Antivirus

Adware.Win32.Conduit

4.0.3.1583

Bkav FE

W32.HfsAdware

1.3.0.6379

Dr.Web

Adware.Conduit.96

9.0.1.0215

ESET NOD32

Win32/Toolbar.Conduit.AB (variant)

9.10004

Fortinet FortiGate

Riskware/Toolbar_Conduit

8/3/2015

herdProtect (fuzzy)

variant of ripbot264_v1.17.5.exe (Adware)

2015.9.8.12

K7 AntiVirus

Trojan

13.204.16053

Kaspersky

not-a-virus:WebToolbar.Win32.Agent

14.0.0.1637

Malwarebytes

PUP.Optional.ClientConnect

v2015.08.03.12

McAfee

Artemis!B701CEB329BE

5600.6684

NANO AntiVirus

Riskware.Win32.Conduit.dbqqxi

0.30.24.1636

Quick Heal

PUA.Clientconn.Gen

9.15.14.00

Reason Heuristics

PUP.Conduit.ClientConnect.Installer (M)

15.8.3.12

Total Defense

Win32/Tnega.ALHeNWC

37.1.62.1

Trend Micro House Call

TROJ_GEN.F47V0605

7.2.215

VIPRE Antivirus

Conduit

30674

File size:

207.4 KB (212,328 bytes)

Product version:

1.3.9.0

Original file name:

Skype_v6.16.0.105.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\skype_v6.16.0.105.exe

Digital Signature

Signed by:

ClientConnect LTD

Authority:

VeriSign, Inc.

Valid from:

2/3/2014 7:00:00 PM

Valid to:

2/5/2016 6:59:59 PM

Subject:

CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=DM4, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

201C61613E36EF7DD163280196CD80F7

File PE Metadata

Compilation timestamp:

6/9/2012 9:19:49 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:Cz+92mhAMJ/cPl3iw7Tozlx/LVXHSPF0MfR:CK2mhAMJ/cPlNU7VXE

Entry address:

0xAC87

Entry point:

E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, 9F, 30, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, 8F, AB, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 24, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 24, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 0E, B1, FF, FF, C3, 56, 8B, F1, 8B, 06, 85, C0, 74, 07, 50, FF, 15, C4, 40, 41, 00, 83, 26, 00, 83, 66, 08, 00, 83, 66, 0C, 00, 5E, C3, 56, 8B, F1, 80, 7E, 04, 00, 75, 34, 68, F4, 44, 41, 00... 
[+]

Code size:

73 KB (74,752 bytes)

The file Skype_v6.16.0.105.exe has been seen being distributed by the following URL.

http://www.afterdawn.com/software/.../download.cfm?version_id=82103&software_id=571&mirror_id=0&installer=1&perion=1

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to cms.dmccint.com (23.67.242.80:80)

http://cms.dmccint.com/DynamicOffer/25812000/25833123/?mainofferId=25808566&CurrentStep=2&TotalSteps=4&DownloadBrowser=IE&CType=-1&UserMode=-1&DMVersion=1.3.5.58.25831989.01&Language=US-EN

Remove Skype_v6.16.0.105.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.