linkeyobfinal.exe

Bonjoy Software

The application linkeyobfinal.exe by Bonjoy Software has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monetization platform, which downloads and installs offers during setup for potentially unwanted software, including ad/search-supported toolbars. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from cdn.download4desktop.com.
Publisher:
Bonjoy Software  (signed and verified)

MD5:
89182cc41d505039d84b838956828d5f

SHA-1:
3cbe1b9623e252211ed2fe953cdd3f07afa250f8

SHA-256:
917ef221a77ebaddf593d385205ca45e1f33c1521e76cff28e78778e5726c96f

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/23/2024 7:36:07 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2015.0.3384 |
| Clam AntiVirus | Win.Trojan.Generickd-95 | 0.98/21411 |
| Dr.Web | Adware.OpenCandy.2 | 9.0.1.0298 |
| ESET NOD32 | | 8.10158 |
| F-Prot | W32/A-74aca6fc | v6.4.7.1.166 |
| G Data | Win32.Application.AztecSystemK | 14.8.24 |
| herdProtect (fuzzy) | | 2014.10.25.8 |
| IKARUS anti.virus | PUA.Toolbar.SearchSuite | t3scan.1.6.1.0 |
| Kaspersky | not-a-virus:WebToolbar.Win64.SearchSuite | 14.0.0.3413 |
| Malwarebytes | PUP.Optional.Linkey.A | v2014.08.13.09 |
| McAfee | Artemis!5E5F768F170E | 5600.7040 |
| Qihoo 360 Security | Win32/Virus.WebToolbar.d3d | 1.0.0.1015 |
| Reason Heuristics | PUP.BonjoySoftware.N | 14.11.21.23 |
| Rising Antivirus | PE:Trojan.Win32.Generic.16E8A0A8!384344232 | 23.00.65.14811 |
| Sophos | Generic PUA DM | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31644 |

File size:
8 MB (8,363,240 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\linkeyobfinal.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/12/2012 3:00:00 AM

Valid to:
6/13/2015 2:59:59 AM

Subject:
CN=Bonjoy Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Bonjoy Software, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
757970ED986FF5350A82A40B6B8F0E38

File PE Metadata
Compilation timestamp:
2/24/2012 10:19:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:mwjjz06kZk2EeAUIvq0bKjwL6KQc+OPEImd5KTONy:mG306yVAUI/32itPE3/5I

Entry address:
0x3883

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, 92, 40, 00, FF, 15, 84, 81, 40, 00, 68, 4C, 92, 40, 00, 68, C0, AD, 46, 00, E8, 18, 27, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Entropy:
7.9984

Packer / compiler:
Nullsoft install system v2.x

Code size:
27.5 KB (28,160 bytes)

The file linkeyobfinal.exe has been seen being distributed by the following URL.
