photoscape_3.7.exe

PhotoScape

Bonjoy Software

The application photoscape_3.7.exe, “PhotoScape Setup Program” by Bonjoy Software has been detected as adware by 4 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
Baidu PC App Store  (signed by Bonjoy Software)

Product:
PhotoScape

Description:
PhotoScape Setup Program

Version:
3.7

MD5:
cf81db3373b19ef9a379717c6406432b

SHA-1:
586b495976356bce6bd81a8b166bfe9a03b1bfbb

SHA-256:
929036669a1e666920772fc40b1290215c53b6d78c18082d29eb4bc25b11c7a9

Scanner detections:
4 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/24/2024 11:56:14 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAdware
1.3.0.6979

ESET NOD32
Win32/OpenCandy.A potentially unsafe (variant)
9.11876

Reason Heuristics
PUP.BonjoySoftware.Installer (M)
15.7.8.12

VIPRE Antivirus
Opencandy
41638

File size:
699 KB (715,776 bytes)

Product version:
3.7

Copyright:
Copyright (C) 2005-2014 Mooii

Original file name:
PhotoScapeSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/30/2014 5:00:00 PM

Valid to:
7/31/2015 4:59:59 PM

Subject:
CN=Bonjoy Software, O=Bonjoy Software, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008994D64FEE6C2BD6A19EF823DEF5CAE4

File PE Metadata
Compilation timestamp:
10/14/2014 10:18:43 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:m3A6gKngsZVBvV3a/5M3H78X0V/XSJF57O936mybfETvlel9pnGwnLWwEb:gnvfvU/G1fSJFUMfCvl+9dGELSb

Entry address:
0x115360

Entry point:
60, BE, 00, 80, 47, 00, 8D, BE, 00, 90, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.7391

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
632 KB (647,168 bytes)

Remove photoscape_3.7.exe - Powered by Reason Core Security