» photoscape_3.7.exe
Overview
Analysis
File Details

photoscape_3.7.exe

PhotoScape

Bonjoy Software

The application photoscape_3.7.exe, “PhotoScape Setup Program” by Bonjoy Software has been detected as adware by 4 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.

File name:

photoscape_3.7.exe

Publisher:

Baidu PC App Store (signed by Bonjoy Software)

Product:

PhotoScape

Description:

PhotoScape Setup Program

Version:

3.7

MD5:

cf81db3373b19ef9a379717c6406432b

SHA-1:

586b495976356bce6bd81a8b166bfe9a03b1bfbb

SHA-256:

929036669a1e666920772fc40b1290215c53b6d78c18082d29eb4bc25b11c7a9

Scanner detections:

4 / 68

Status:

Adware

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

11/12/2024 7:11:37 PM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.HfsAdware

1.3.0.6979

ESET NOD32

Win32/OpenCandy.A potentially unsafe (variant)

9.11876

Reason Heuristics

PUP.BonjoySoftware.Installer (M)

15.7.8.12

VIPRE Antivirus

Opencandy

41638

File size:

699 KB (715,776 bytes)

Product version:

3.7

Original file name:

PhotoScapeSetup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Digital Signature

Signed by:

Bonjoy Software

Authority:

COMODO CA Limited

Valid from:

7/30/2014 5:00:00 PM

Valid to:

7/31/2015 4:59:59 PM

Subject:

CN=Bonjoy Software, O=Bonjoy Software, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

008994D64FEE6C2BD6A19EF823DEF5CAE4

File PE Metadata

Compilation timestamp:

10/14/2014 10:18:43 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:m3A6gKngsZVBvV3a/5M3H78X0V/XSJF57O936mybfETvlel9pnGwnLWwEb:gnvfvU/G1fSJFUMfCvl+9dGELSb

Entry address:

0x115360

Entry point:

60, BE, 00, 80, 47, 00, 8D, BE, 00, 90, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B... 
[+]

Entropy:

7.7391

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:

632 KB (647,168 bytes)

Remove photoscape_3.7.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.