» skypesetup.exe
Overview
Analysis
File Details
Downloads (28)

skypesetup.exe

Skype

RICH MEDIA SYSTEMS INC.

The application skypesetup.exe by RICH MEDIA SYSTEMS INC has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from skype.ar.1800download.com and multiple other hosts.

File name:

skypesetup.exe

Publisher:

RICH MEDIA SYSTEMS INC. (signed and verified)

Product:

Skype

Version:

1.0.0.0

MD5:

82a9e120144d1529c32b64163b2d5900

SHA-1:

0451e05486eea04d6ccf55915e226531d23e53fd

SHA-256:

1e38715d1994afe7bbca666aec0294ee97b12bb30d161d41b7398e4f6c9ae53b

Scanner detections:

12 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

5/16/2025 9:44:31 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.OpenCandy

2015.04.02

AVG

OpenCandy

2016.0.3146

Clam AntiVirus

Win.Trojan.Agent-855157

0.98/21511

Dr.Web

Adware.Downware.10304

9.0.1.097

ESET NOD32

Win32/OpenCandy.C potentially unsafe (variant)

9.11416

G Data

Win32.Adware.OpenCandy

15.4.25

K7 AntiVirus

Trojan

13.202.15459

Malwarebytes

PUP.Optional.OpenCandy

v2015.04.07.03

McAfee

Artemis!82A9E120144D

5600.6802

Reason Heuristics

PUP.Installer.RICHMEDIASYSTEMS

15.5.8.23

Trend Micro House Call

Suspicious_GEN.F47V0331

7.2.97

File size:

415.6 KB (425,624 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\skypesetup.exe

Digital Signature

Signed by:

RICH MEDIA SYSTEMS INC.

Authority:

Symantec Corporation

Valid from:

2/17/2015 2:00:00 AM

Valid to:

2/18/2016 1:59:59 AM

Subject:

CN=RICH MEDIA SYSTEMS INC., O=RICH MEDIA SYSTEMS INC., L=HENDERSON, S=Nevada, C=US

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

3F87144C25AF8BCF29F29C5A1FEEF4BA

File PE Metadata

Compilation timestamp:

5/20/2013 1:53:00 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:qiuRLKPsDWCDbJL9vwVyumht/U+E3Tpm7g:+1KPDA9vqAt/U+E38M

Entry address:

0x331C

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 70, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 98, 92, 42, 00, E8, A8, 2E, 00, 00, A3, E4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 90, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, 7C, 93, 40, 00, 68, E0, 81, 42, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, 01, 2B, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

24 KB (24,576 bytes)

The file skypesetup.exe has been seen being distributed by the following 28 URLs.

http://skype.ar.1800download.com/get_azure_file/wUiS4WnYccXBwj sXP7oQkEsnl0kPTqiHB77cteQv c8/zOn/j1gwJgELEPtetindjPpowEcdyOSTqHyCr50ybtq1oLZFQfS9S7yHkflszi1if/D8ZrKmiBBpp8ixAwcACngSSx 18kq9Dm5AzeLS VWyc/qdD0EYqtydkwdOOz9VXBtec3INBBhhqLuAH98LJf5kuc3BHu5sUjE3/VtBJivJJvtLy0NloT/.../xopz2zEI=

http://skype.1800download.com/get_azure_file/wUiS4WnYccXBwj sXP7oQkEsnl0kPTqiHB77cteQv U8/zOh/jwnickFbk3kYqn PnWuyxdSNmmeTbD7Tac8gLNhwMyPZFfYv3qbWQKy GXqw6DDpZrSl2lZ9N1w2hcXRn3 AD9xlssp/SPyX2KSA7ZfwtW4bmMVY/.../0UrzLaBwnT7lWIYdu9WwAHPruYPU3j4rJLxCT5Y8K3RguuCtD0UinB3z3dpOAWu4WFms5Nn2zEI=

http://skype.il.1800download.com/get_azure_file/wUiS4WnYccXGwj 8XPavWwllklYyNSrEQ1GyNb G8aZ28zC293p5iNEPLU31POK/fy/tiREabnGHWOOiEqd0mPAgkdSWRAaS9T2 VRLlszi1jf/DrNvdlWVCs55ziVNIRiD4Vmog1tEivSH5UHGbQbpOw4TrND0VKOBmPRNMOaz9RHt8ftzFZREghrOgVjQuO4/z2/80HGL5uFzFjqokRMv/.../Cc5V5YSxQHP76sjEiCdjbbRJV4c K3RguuCtD0UinB3z3dpOAWu4WFms5Nn2zEI=

http://skype.pt.1800download.com/get_azure_file/wUiS4WnYccXDyCf4UfO5CV530RJ0YyqsWxL3as6Q7qp2uHf14WJwwclRblXsK7H7NWH7mQoMbSTPCeLkErY90f85kNSWRAaX9T36DkPzvnKtgLbbqtPKxzoX9Ic7wF9DUHy1aWU81JZKq2 /.../D224tVLLnflkDJn esGkfSgFi9O2XuMmlQ8W7pr2zlL ZLgjyHDyVo1P5YSxQHP7sZCWiCdjbbVJV8dkbW0o6eimFREihBS6xZkAASeiDAz5sZv2zEI=

http://skype.1800download.com/get_azure_file/wUiS4WnYccXGwj 8XPavWwllklYyNSrEQ1GyNb G8aZ28zC293p5iNEIJ1WxN eoajGuyxdSMWmeGeihCr50ybpq1oDEUx6avCX BlT1un67jfzDpZrSkmlZ MxkkV4BXnStGD12hshq9CnwSCfdUrcfwsbrJTYVY/o4LRIdbOzlXTl1f8TcYUJ82P6jUTQuO4/x2/92Vz2ouQPFnfdnR5i etDuNiVO1IK3HuM2nh4T/.../mX54Uq4XnUXKquZSaiG97LvYWV49 M3kporfvXUMj2wS7jtdFFy7pDgTwq5LtzEI=

http://skype.ar.1800download.com/get_azure_file/wUiS4WnYccXAwj uQbjxCggnkkU3LTPkEhr4coOQp h152L0sC8rlY9RagT1Y/j2PHmugA0MIGjPEeqtCrQ0xatrh8yeDR7XpnvqBwX9vnGtiffUqt/Rg2gIq5Y6kRYbAGSsUzR0nMhq9C3wSDXGHOgJitXqdD0EYqswLh4dOOz9UHBtLYaOf1l3nqq9GCcheo361OwyC2qx8VDMlu01Xcave4GkbXtO3MKvFqoumxcHu9Gh2ErzLaB0kya0YJQUrpLYFj2s84/.../2zEI=

http://skype.il.1800download.com/get_azure_file/wUiS4WnYccXBwj sXP7oQkEsnl0kPTqiHB77cteQv A8/yWn9np5iNENJ1Xma73uNDC2wVRSIDfVWKn7SfxygeVyz4WXAgaDvHSxTBPlszi1if/D6p3KmiBBoJ8igkdJF3ylACwq19EivSH9UHHeGeIIl4CiJTxEYro4PVtWZ738D3B cMWNLB8onve9TnM3c8b40Ok/HArh xqa/6ooQdKjJYr7fXof1cK3D7B9yw8eroL/.../xopz2zEI=

http://skype.1800download.com/get_azure_file/wUiS4WnYccXGwj 8XPavWwllklYyNSrEQ1GyNb G8aZ28zC293p5iNENJ1WnMe/uNDC2w15KM2CKCeLkErc90eYj1s3eDQub7WihUhKo/zitgLbbr9nSgzcS4tVs0hwHFiq1AX1/kck7vXCzGjaLS/.../xopz2zEI=

http://skype.1800download.com/get_azure_file/wUiS4WnYccXBwj qXP7oQkEsm10kPjuhChOxat7Zp6dy/269qGl42docJgTta7HuZiro0l8bOGGGCeqkCr50ybtq1pneFQfS9SjyHgGu5i/gzLbDpZrSl2lZ98ps1wAARn3kAD1/hsEo DnxGWmfSq4JgIe4dWIVY A4LhwNO6f0U359cMWNLBoihrOwS2VlJNS7lK9pHGL5uF/Fjrw3TdLoYsntZXJWzYfkSfsv3BcT55r/.../2zEI=

http://skype.es.1800download.com/get_azure_file/wUiS4WnYccXBwj pXP7oQlssmV89fDKlEgqtI87Y9ukx53e5 zYmlJxNP0ykYrj2LTXllEZTcWmKEfulGrAzxbByz4WXAQaDqme4VQSiqnDmgfTVrNHekmRNo5A7wF9BXmTnU2pnn4Aj/SHoW2CfUrcfwsbhPSVTMfpyc0lGdu2rRHE8csvENFh5xeGxAC1mcoH4w7tsUjyouRnFnftmFvHmOYL7DCQYmoGjSKFxjRZW5473nw6nMv4g1T6tQMVe5NW5Qn/7uNKamCYyI/.../rBAfhoJn2zEI=

http://skype.1800download.com/get_azure_file/wUiS4WnYccXEwj /TeqjC1c0kw48PjylEBHzY9TXtOh152b0sDErn8kFbk3lYqn/PGG3g15aOHHTWPusW78wyasnnZjJWEvS7SS7BkX9qjvm3 fa7dPbm3FKopMiiBZIV3y1SWchhshw9CryUSCTQ7ZOjp61JTxEYr84PRoNNqvxX2h0O8TILAl00/.../1l1Ajt25yBjmO IghSflCc5d5NXvGjqp78DZ3258db0AT4E3Kzx4 aLyDxEihBS6xZkAASeiDAz5sZv2zEI=

http://1800dcdn.blob.core.windows.net/dir195/wi/18/33/1/.../SkypeSetup.exe

http://skype.es.1800download.com/get_azure_file/wUiS4WnYccXAwj 1RrjxCgghkkVxZmbzR1 xcteQv A8/zyn9np5iNEMJ1Xka6n3fHm/ykYeazeeEKqtHr8lwbtlwMCUFQfS9SnyHhCo5C/qyefa7dPbm3FJoJMiiBZIVXatGGos14N1r2K/GD LS/.../6QlRMfeJYbrL28Jl5SvFqoumRcHuMC91BqtfKEsnS2iAcdV6MS6QX3i8JuTkD5gPuJRTsc3OnUxseGhDxEihBS6xZkAASeiDAz5sZv2zEI=

http://skype.1800download.com/get_azure_file/wUiS4WnYccXGwj 8XPavWwllklYyNSrEQ1GyNb G8aZ28zC293p5iNEIJ1WxN eoajGuyxdSMWmeGeihCr50ybhgztTJXk/Ro36xSQSrqnD8gfDbvJqD2CMes55ziVZIRjb Xix 18kq9Dn7WWWLS/.../DGOo7Rndl7xmA5ivN5vwOy4bnNO2XuMnlQ9WtNzvhgHyb6J 1CagCd0IpofiASz7uMiamygib7VHRIw4MXRguuGtD1w42gS7lNdCGT7jBAj3pZP2zEI=

http://skype.fr.1800download.com/get_azure_file/wUiS4WnYccXBwj qXP7oQkEsm10kPjuhChOxatrZp7VpsTGr4Hp5iNENJ1Xlab3uNDC2w15KazrYCeLkErc90bpj1s3eDQqb7XqwTB 17Wm00v/QqtvQk2ZDqZc1iBZIUHy1XGcpwdEivSH7XmmLI cViJKCYnNCKKdnZ00dOOz9V3p1apqXZVt 3eihUHo3c8b41OcnTTLz8g/.../hS6kBstb59WwAHPruYPP2T4rJLxET5Z6YCF376XkDxEihBS6xZkAASeiDAz5sZv2zEI=

http://skype.1800download.com/get_azure_file/wUiS4WnYccXAwj 1RrjxCgghkkVxZmbzR1 xcteQv c8/zOn/j1gwJgELEPtetindjPpowEcdyOSTqHyCr50ybhgztTJXk/Ro36xSQSrqnD8gfDbvJqD2CMes55ziVNIRiPvSmc3wdEipyH7XmGRSLlfzcDhPHQNa7Mgb0FbIaS0XHl1as/NIAkpz6vnGDRjIdHg2q4/.../xopz2zEI=

http://skype.pt.1800download.com/get_azure_file/wUiS4WnYccXAwj 1RrjxCgghkkVxZmbzR1 xcteQv A8/yOn9np5iNEIJ1Xlar74OXquyxdSNGmeTbb7TOB10bIjzsWXFQ6Q T3zT0zxsmnqw7WI7IzKmjpBoJEyi1dLUnavCjU2nscj7H2jBjaLS/9WycPrJVRcIflnTE1Ldu/pAzIqasWNLBgonuG9RjQuO4/x2/80DW ouRnFn/.../4O h1ryfKl2hSflCc5d5NXvGjqp78DZ3258db0AT4E3Kzx4 aLyDxEihBS6xZkAASeiDAz5sZv2zEI=

http://skype.es.1800download.com/get_azure_file/wUiS4WnYccXEwj /TeqjC1c0kw48PjylHxD0YdrVt h152T qHomkphOcRauLfmgLXj/ylFSICDXUqnyCr50ybtq1oLZFQfS9S7yHkflszi1iP/D6ICMg2gIq5M6kVdAUXKhAyx 18kq9Dm5AzeLS VWyc/qdD0EYqtydkwdOOz9VXBtec3INBBhhqLuAH98LJf5kuc3BHu5sUjE3/VqDoDrL576OjNO1IK3HuM2nRwT/4O h1ryfPU2hSflCchX/.../2zEI=

http://skype.1800download.com/get_azure_file/wUiS4WnYccXEwj 8WvauHEA0kxQ8PDK1Ghn0cteQv c8/zOn/j1gwJgELEPtetindjPpowEcdyOSTqHyCr50ybtq1oLZFQfS9S7yHkflszi1iP/D7oCMg2gIq5Y6kVRBUmSsSTR3ntF2vTnxGWmeSq4bkZm1aHBEerJxJRsFIeyuAmh0IcTPLhBhhqfuAHNtONywhP8 V2O7tljIm/tpApe4e4GkbHtOmZjpD JnlRsf/4r/.../rBAfhoJn2zEI=

http://skype.1800download.com/get_azure_file/wUiS4WnYccXEwj /TeqjC1c0kw48PjylHxDwZ97SvOh152b0sC4rn8kFbk3hYqn PXa4xl1KOSCGH O1Tuxrlqtrh8ycAwaDnHSxTBOU7T/6y uE5ozKmiBBo58ixxFQXzWtCzRnldEivSH8UHHPH AInYXzPHQNa7MgLRkJIaS0XHl1ao6Xcgkpz6vnGDQke4Pg2q4/.../twxl5Vsdm0yBqkfKE2nSmsEYwGp4fuUXKquZOaiHNjdb0AT4M3Kzh67rb4WllzhVW61NdWUHW1FAaqqZvszEI=

http://skype.ru.1800download.com/get_azure_file/wUiS4WnYccXGwj 8XPavWwllklYyNSrEQ1GyNb G8aZ28zC293p5iNENJ1W Me/uNDC2wl5KMWCeEKqtG78lg A01s3eDQ b7S77ClT8 3G8geeS943KmjpBoJ07wF9EXmTyQn4s1pY79XLwW2ebSLVdwMfhPjxEYrs4PUdMIaS0XH11aomXeE99y L2GWUve4/.../0UrzLaBwnT7lWIYdu9WwAHPvuYPGxXB0MvRRTsc3OnUxsuOhDxEihBS6xZkAASeiDAz5sZv2zEI=

http://skype.1800download.com/get_azure_file/wUiS4WnYccXBwj qXP7oQkEsm10kPjuhChOxatrZp7VpsTGr4Hp5iNENJ1Xlab3uNDC2wl5KbSCeEKqtH78lhOA kJnaRB6avCX7BlSu4S tgLbbrNPKkmBZqtY6hV9QAT7nU3wghshw9Cr WGueSLhZy8HqdD0EYqtxdkwdOPb9V3J0O8TMLAlmyLPvUSwkcpfzw Z2BGi6uEibxbwsWMP0NYDyfXof1cS3D6p/1l1A/.../2zEI=

http://skype.1800download.com/get_azure_file/wUiS4WnYccXBwj pXP7oQlssmV89fDKkEgq0OYjBvqA862/soGp3z90HP0ykYr/2LSXlnAFKOSCGGu2tCtZsivk1p5PZQkyPqmetHk20snm1mbGVvNKbm2JBs5QiiBZIV3y1Smchhshq9CjwSGKaRq5Xi83iPSVeMe0gJFsFMaXlVXltc43EIBEw2emkS2Rwao6r2 wxDG6ytlvImPZnR5i7etD4MC0IioOvFqounBcH74n7n1O7ZKh/.../2zEI=

http://skype.pt.1800download.com/get_azure_file/wUiS4WnYccXAwj uQbjxCggnkkU3LTPkEhv4cpqK4fE9rm/4qHpwyd4KK071Y/j2OXmulgsEZjbOCeLkErY90bthwtSWRAaX9T2tRAau i6tgKzbr93amWZPpJY2gF4BXnWtGH0swNEipyH7UmjaSr9W2p64YyUMK7MwJQoMML38FXB8ctyOf08wh LuESw3eYb0w Z2BGi6uEibxbwsWMP0NYDyfXof1cS3D6p/.../4O h1zyfPwsy3m0CIxX78OxURqy tHF XlkIvZdEMxoK3RguuCtD0UinB3z3dpOAWu4WFms5Nn2zEI=

http://skype.ar.1800download.com/get_azure_file/wUiS4WnYccXEwj 8WvauHEA0kxQ8PDK1Ghn0cteQv E8/zq9sGMxwdwEPwC Nu jeDCuyxdSMWmeXbDzCr50yb9q1sSfAgiX9j3zT0zxsmnqw7WI7IzKmjpBoJEyi1NKVH kCjU2nsEj7G SGjaSr1W2sbzPHQNbLMgeUFTZr38FXB fMTcRUBrzPSHR2JgOJunmbgnBSqwsVDd36Y4FpnkesOmZDJW3sG3D7193F1JvMG4zwTqZel/.../rBAfhoJn2zEI=

http://skype.1800download.com/get_azure_file/wUiS4WnYccXBwj pXP7oQlssmV89fDKkEgqrOYjBvqA872/soWtgwJgEK031PfO8ZjHp0l8BOGKIGeGvHbw3xr5rh8yZDR7HpnOtHk20snq7geey9ZCYxAAe5dBwnQAKAWSsSTRzntF/oXeuDyGLS/9Wy83zNTYBerJxJRkPOb2jDzk/.../4O h1vyfKt2kT6tQMVf5NXkAGvi8JuXkD5nPugXGsN K3RguuGtD1w42gS7lNdCGT7jBAj3pZP2zEI=

http://skype.1800download.com/get_azure_file/wUiS4WnYccXDyCf4UfO5CV530RJ0YyqsWxL3as6Q7qp2uHf14WJ0wclbZQe Ku7uNCq2wVBaOmSOEuqkHb50ybpq1oXEUx6apiX5BE20sni1mbOI svT0mlNq4cygVBGUn 1AX1/l8k7vnKuSGjaSr9W2sbiMSUMK7MxJQpWavvlXTl1esTcJRgwh LuECw3PMHg2q4/D2Oos0jE3/VuDoDiM9ClLHtb1dP6RLdwwFpW/.../2zEI=

http://skype.pt.1800download.com/get_azure_file/wUiS4WnYccXBwj sXP7oQkEsnl0kPTqiHB77cteQv U8/zC24jEwnskFdE3mbLn7NnC5w1VZOSCGGeO1R/YlyPpqw8yPQFXPq3C/T1T8 3G i//D oCb0T8a6NBy30dJF3yiACw2z4ppqznxGWmaSq4fkZPzPG4NabE5bBILOb2hDyYqasWNLBomhrOHSW9lLeanlah1EDzy50jE3/.../7uNKamSYyPu8XV49 M30pouGkDxEihBS6xZkAASeiDAz5sZv2zEI=

Remove skypesetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.