bonzunainstaller(ch).exe

search core systems

The application bonzunainstaller(ch).exe, “Bonzuna Installer” by search core systems has been detected as adware by 20 anti-malware scanners. The file has been seen being downloaded from wac.51d5.edgecastcdn.net.
Publisher:
Bonzuna (signed by search core systems)

Product:
Bonzuna

Description:
Bonzuna Installer

Version:
1.0.0.0

MD5:
efb352911ea6e5b127b324ddc6393a19

SHA-1:
f057a70b2223ff097d6670c1e71dd101daf14bdd

SHA-256:
8b7fc478c39081a8a9f36b7d8e5eb131e13551a507bdd214bc79b24c6ba47be9

Scanner detections:
20 / 68

Status:
Adware

Analysis date:
11/4/2024 5:14:26 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Generic.576938 | 709 |
| AhnLab V3 Security | Trojan/Win32.Rettesser | 2014.01.04 |
| Avira AntiVirus | Adware/Bonzuna.B | 7.11.123.104 |
| Bitdefender | Application.Generic.576938 | 1.0.20.280 |
| Bkav FE | W32.Clodd8f.Trojan | 1.3.0.4613 |
| Comodo Security | UnclassifiedMalware | 17548 |
| ESET NOD32 | Win32/Adware.Bonzuna | 9.9247 |
| Fortinet FortiGate | Riskware/Bonzuna | 2/25/2015 |
| F-Secure | Application.Generic.576938 | 11.2015-25-02_4 |
| G Data | Application.Generic.576938 | 15.2.22 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.175.10735 |
| Kaspersky | HEUR:Trojan.Win32.StartPage | 14.0.0.2432 |
| McAfee | Artemis!EFB352911EA6 | 5600.6843 |
| MicroWorld eScan | Application.Generic.576938 | 16.0.0.168 |
| Panda Antivirus | Generic Trojan | 15.02.25.03 |
| Reason Heuristics | PUP.Installer.searchcoresystems | 15.2.25.15 |
| Trend Micro House Call | TROJ_GEN.RCBZ1K1 | 7.2.56 |
| Trend Micro | TROJ_GEN.RCBZ1K1 | 10.465.25 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25056 |

File size:
4.2 MB (4,442,672 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (Canada)

Common path:
C:\users\{user}\downloads\bonzunainstaller(ch).exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/13/2012 11:23:55 AM

Valid to:
1/13/2013 11:23:55 AM

Subject:
CN=search core systems, O=search core systems, C=CA

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112161BFE8B30B66C06A60ADF51015575814

File PE Metadata
Compilation timestamp:
8/28/2012 12:35:26 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:k/Y7AAYXAJrlJrUAWDgwY5Atoji9eh9H7WAW:mY71rr1Ig1SefH7WAW

Entry address:
0x6F7DC

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, E6, 46, 00, E8, DC, 7C, F9, FF, A1, 24, 1D, 47, 00, 8B, 00, E8, A8, BC, FF, FF, A1, 24, 1D, 47, 00, 8B, 00, B2, 01, E8, F2, D7, FF, FF, A1, 24, 1D, 47, 00, 8B, 00, BA, 4C, F8, 46, 00, E8, 19, B7, FF, FF, 8B, 0D, 1C, 1B, 47, 00, A1, 24, 1D, 47, 00, 8B, 00, 8B, 15, AC, D3, 46, 00, E8, 89, BC, FF, FF, A1, 24, 1D, 47, 00, 8B, 00, E8, CD, BD, FF, FF, E8, D0, 53, F9, FF, B0, 04, 02, 00, FF, FF, FF, FF, 11, 00, 00, 00, 42, 00, 6F, 00, 6E, 00, 7A, 00, 75, 00, 6E, 00, 61, 00, 20, 00...
 

Entropy:
6.8453

Developed / compiled with:
Microsoft Visual C++

Code size:
441 KB (451,584 bytes)

The file bonzunainstaller(ch).exe has been seen being distributed by the following URL.
