bonzunainstaller(ch).exe

search core systems

The application bonzunainstaller(ch).exe, “Bonzuna Installer” by search core systems, has been detected as adware by 15 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. The file has been seen being downloaded from bonzuna.com and multiple other hosts.
Publisher:
Bonzuna  (signed by search core systems)

Product:
Bonzuna

Description:
Bonzuna Installer

Version:
1.0.0.0

MD5:
a83269adf5daccfbc018519b018262d4

SHA-1:
0ebeec8e05c930eb47836a412b9f393ff951d3c3

SHA-256:
f209ff8bc17a1814763b5d24f987886ebe9bda12f08fea1e7366d1b81f33688b

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
12/24/2024 5:03:18 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Trojan/Win32.Rettesser | 2013.09.11 |
| Avira AntiVirus | SPR/Tool.4495695 | 7.11.101.180 |
| Baidu Antivirus | Trojan.Adware.Win32.Bonzuna | 4.0.3.1455 |
| Bitdefender | Application.Generic.407910 | 1.0.20.625 |
| Comodo Security | UnclassifiedMalware | 16913 |
| ESET NOD32 | Win32/Adware.Bonzuna (variant) | 8.8783 |
| F-Secure | Application.Generic.407910 | 11.2014-05-05_2 |
| G Data | Application.Generic.407910 | 14.5.22 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.0.127 |
| K7 AntiVirus | Riskware | 13.172.9530 |
| MicroWorld eScan | Application.Generic.407910 | 15.0.0.375 |
| Panda Antivirus | Generic Trojan | 14.05.05.02 |
| Reason Heuristics | PUP.Installer.searchcoresystems.U | 14.8.8.3 |
| Vba32 AntiVirus | Trojan.Rettesser | 3.12.24.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 21340 |

File size:
4.3 MB (4,498,480 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (Canada)

Common path:
C:\users\{user}\downloads\bonzunainstaller(ch).exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/13/2012 8:23:55 PM

Valid to:
1/13/2013 8:23:55 PM

Subject:
CN=search core systems, O=search core systems, C=CA

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112161BFE8B30B66C06A60ADF51015575814

File PE Metadata
Compilation timestamp:
2/22/2012 5:56:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:J/x9AYYXAJrTJrU7NgUY5AVjETFdfrqzUaMNfxjHq41mEyWdcPdE+u:Bx9hJr8gSoTvegaMNZjK4Pdcm

Entry address:
0x6F7DC

Entry point:
55, 8B, EC, 83, C4, F0, B8, AC, E4, 46, 00, E8, DC, 7C, F9, FF, A1, 24, 1D, 47, 00, 8B, 00, E8, A8, BC, FF, FF, A1, 24, 1D, 47, 00, 8B, 00, B2, 01, E8, F2, D7, FF, FF, A1, 24, 1D, 47, 00, 8B, 00, BA, 4C, F8, 46, 00, E8, 19, B7, FF, FF, 8B, 0D, 1C, 1B, 47, 00, A1, 24, 1D, 47, 00, 8B, 00, 8B, 15, AC, D3, 46, 00, E8, 89, BC, FF, FF, A1, 24, 1D, 47, 00, 8B, 00, E8, CD, BD, FF, FF, E8, D0, 53, F9, FF, B0, 04, 02, 00, FF, FF, FF, FF, 11, 00, 00, 00, 42, 00, 6F, 00, 6E, 00, 7A, 00, 75, 00, 6E, 00, 61, 00, 20, 00...
Developed / compiled with:
Microsoft Visual C++

Code size:
440.5 KB (451,072 bytes)

The file bonzunainstaller(ch).exe has been seen being distributed by the following 2 URLs.
