jetaudio_setup.exe

JetAudio

Bonjoy Software

The application jetaudio_setup.exe, “JetAudio Setup Program” by Bonjoy Software has been detected as adware by 2 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
Cowon America  (signed by Bonjoy Software)

Product:
JetAudio

Description:
JetAudio Setup Program

Version:
16.0

MD5:
96506df68aa23a96f672fd8b57179baf

SHA-1:
149ebf7fab67c7fe758114b39ed6b99a24dec231

SHA-256:
67756063a0da7e9a73ad0aa9668f98fdee68363d6c0440886afa7d7dbe3278cb

Scanner detections:
2 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/23/2024 10:58:07 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/OpenCandy (variant)
8.10140

Reason Heuristics
PUP.Installer.BonjoySoftware.O
14.11.21.23

File size:
382.3 KB (391,464 bytes)

Product version:
16.0

Copyright:
Copyright © 2009 Acresso Software inc

Original file name:
JetAudioSetup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\jetaudio_setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/12/2012 4:00:00 AM

Valid to:
6/13/2015 3:59:59 AM

Subject:
CN=Bonjoy Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Bonjoy Software, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
757970ED986FF5350A82A40B6B8F0E38

File PE Metadata
Compilation timestamp:
6/20/2014 4:26:35 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:qSpW4ElLulTt4LJwg8K0dVmymGZf110efZuUoMFfWJBdwUHtyQxuNkE30A:jM4miJa5oVhrbcUdENXQ0A

Entry address:
0xC5360

Entry point:
60, BE, 00, 60, 47, 00, 8D, BE, 00, B0, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.6880

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
320 KB (327,680 bytes)

Remove jetaudio_setup.exe - Powered by Reason Core Security