home

pixsta_install.exe

Pixsta

Bonjoy Software

The application pixsta_install.exe, “Pixsta Setup Program” by Bonjoy Software has been detected as adware by 4 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
Pokki  (signed by Bonjoy Software)

Product:
Pixsta

Description:
Pixsta Setup Program

Version:
0.269

MD5:
139fe00cd9aff553a011e7e9027a9f02

SHA-1:
c98fd1b3315e9cfb5babb6e4a15a5382d867404b

SHA-256:
fbbf136e134c5f9ad40130fb7e265c58cbbdd3f94bf4d28c8dffbc81621cbd65

Scanner detections:
4 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/12/2024 6:59:09 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.OpenCandy
4.0.3.1571

ESET NOD32
Win32/OpenCandy (variant)
9.10671

Reason Heuristics
PUP.BonjoySoftware.Installer (M)
15.7.1.16

Trend Micro House Call
Suspicious_GEN.F47V1029
7.2.182

File size:
679.5 KB (695,808 bytes)

Product version:
0.269

Copyright:
(C) SweetLabs, Inc.

Original file name:
PixstaSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pixsta_install.exe

Digital Signature
Signed by:
Bonjoy Software

Authority:
COMODO CA Limited

Valid from:
7/31/2014 5:30:00 AM

Valid to:
8/1/2015 5:29:59 AM

Subject:
CN=Bonjoy Software, O=Bonjoy Software, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008994D64FEE6C2BD6A19EF823DEF5CAE4

File PE Metadata
Compilation timestamp:
10/10/2014 12:09:43 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:puQsg07SvJv5xlBK9HMfKH6nMsXys6+N2l5OSN3VsCMhP8O8SxO9CUL7:pxsgnJhxlc9sf+6ev+NpylTMhP1lxO9b

Entry address:
0x111450

Entry point:
60, BE, 00, 90, 47, 00, 8D, BE, 00, 80, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.7711

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
612 KB (626,688 bytes)

Remove pixsta_install.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.