» pixsta_install.exe
Overview
Analysis
File Details
Downloads (7)
Network (17)

pixsta_install.exe

Pixsta

Bonjoy Software

The application pixsta_install.exe, “Pixsta Setup Program” by Bonjoy Software has been detected as adware by 6 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from s6.picofile.com and multiple other hosts. While running, it connects to the Internet address 209-88-193-135.barak.net.il on port 80 using the HTTP protocol.

File name:

pixsta_install.exe

Publisher:

Pokki (signed by Bonjoy Software)

Product:

Pixsta

Description:

Pixsta Setup Program

Version:

0.267

MD5:

976e1bcdfba5a05275b9bdc741564ec7

SHA-1:

1ead19a647377aced28c00d9f734e67d2379abf2

SHA-256:

58cb80069947abe82354e5cec8a7904c83d6b82290f3288de90e0cbd2b68e664

Scanner detections:

6 / 68

Status:

Adware

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

11/12/2024 7:30:20 PM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2016.0.3234

Baidu Antivirus

Adware.Win32.OpenCandy

4.0.3.15110

ESET NOD32

Win32/OpenCandy (variant)

9.10961

McAfee

Artemis!976E1BCDFBA5

5600.6890

Reason Heuristics

PUP.Installer.BonjoySoftware.O

15.1.10.4

Trend Micro House Call

Suspicious_GEN.F47V1103

7.2.10

File size:

676 KB (692,224 bytes)

Product version:

0.267

Original file name:

PixstaSetup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\programs\pixsta_install.exe

Digital Signature

Signed by:

Bonjoy Software

Authority:

COMODO CA Limited

Valid from:

10/12/2014 5:00:00 PM

Valid to:

10/13/2015 4:59:59 PM

Subject:

CN=Bonjoy Software, O=Bonjoy Software, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

6ECDDFA285D63C3C12319493D3EB9C66

File PE Metadata

Compilation timestamp:

10/9/2014 11:39:43 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:QuQsg07SvJv5xlBK9HMfKb9G7R/2yKphaZ0+2dc2uykyJBmdf7wc7ai/NO:QxsgnJhxlc9sfss2y8U2qhyk2Bmd0+1g

Entry address:

0x112670

Entry point:

60, BE, 00, B0, 47, 00, 8D, BE, 00, 60, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B... 
[+]

Entropy:

7.7712

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:

608 KB (622,592 bytes)

The file pixsta_install.exe has been seen being distributed by the following 7 URLs.

http://s6.picofile.com/d/8266757518/.../Instagram_6_18_0_p30plus_org.exe

http://cs09.superfiles.me/f/0/1471272880/58636312/0/.../Pixsta_Installer-spaces.ru.exe

http://dl.softandroid.ir/.../Instagram 6.18.0 - [SoftAndroid.ir].exe

temp:Instagram 6.18.0.exe

http://download.pixsta.com/.../Pixsta_Installer.exe

http://download.pixsta.com/.../Pixsta_Install.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to hosting.eurohoster.org (185.162.9.189:80)

TCP (HTTP):

Connects to static-ip-85-25-211-215.inaddr.ip-pool.com (85.25.211.215:80)

TCP (HTTP):

Connects to h88-150-135-234.host.redstation.co.uk (88.150.135.234:80)

TCP (HTTP):

Connects to static-212-247-80-53.cust.tele2.se (212.247.8.53:80)

TCP (HTTP):

Connects to static-212-247-12-152.cust.tele2.se (212.247.12.152:80)

TCP (HTTP):

Connects to mil04s29-in-f206.1e100.net (216.58.205.206:80)

TCP (HTTP):

Connects to mct01s06-in-f14.1e100.net (216.58.210.78:80)

TCP (HTTP):

Connects to fra16s20-in-f14.1e100.net (216.58.206.14:80)

TCP (HTTP):

Connects to fra16s18-in-f142.1e100.net (172.217.23.142:80)

TCP (HTTP):

Connects to ed-in-f113.1e100.net (74.125.143.113:80)

TCP (HTTP):

Connects to cache.google.com (217.175.200.123:80)

TCP (HTTP):

Connects to arn09s11-in-f14.1e100.net (172.217.22.174:80)

TCP (HTTP):

Connects to ams16s22-in-f14.1e100.net (216.58.212.238:80)

TCP (HTTP):

Connects to ams15s29-in-f14.1e100.net (172.217.17.110:80)

TCP (HTTP):

Connects to 209-88-193-135.barak.net.il (209.88.193.135:80)

Remove pixsta_install.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.