pixsta_installer.exe

Bonjoy Software

The application pixsta_installer.exe by Bonjoy Software has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from download.pixsta.com.
Publisher:
Bonjoy Software  (signed and verified)

MD5:
d08d0c05e2c55aa27086f597fb10247b

SHA-1:
8d8a9ae153331f31f0c2fc3a3070e7a5e7ff65b5

SHA-256:
e0557630e99eba19fd79314b1d4305edc395fbdb1161b46d4a0541baf605c9e3

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/24/2024 12:54:20 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.OpenCandy
4.0.3.14925

Dr.Web
Adware.OpenCandy.4
9.0.1.0268

ESET NOD32
Win32/OpenCandy (variant)
8.10460

G Data
Win32.Adware.OpenCandy
14.9.24

Malwarebytes
PUP.Optional.OpenCandy
v2014.09.25.09

McAfee
Artemis!D08D0C05E2C5
5600.6997

Reason Heuristics
PUP.BonjoySoftware.Q
14.11.21.23

Rising Antivirus
PE:PUF.OpenCandy!1.9DE5
23.00.65.14923

Trend Micro House Call
Suspicious_GEN.F47V0915
7.2.268

File size:
1.8 MB (1,870,200 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\pixsta_installer.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/31/2014 2:00:00 AM

Valid to:
8/1/2015 1:59:59 AM

Subject:
CN=Bonjoy Software, O=Bonjoy Software, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008994D64FEE6C2BD6A19EF823DEF5CAE4

File PE Metadata
Compilation timestamp:
2/24/2012 8:19:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:xl4v6Vhcmpd2D1ybb2QpTU2xsUFTdK88zxwyIw:xyvCeS2D8bNBU2hnH8zB

Entry address:
0x3883

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, 92, 40, 00, FF, 15, 84, 81, 40, 00, 68, 4C, 92, 40, 00, 68, C0, AD, 46, 00, E8, 18, 27, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 06, 27, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
27.5 KB (28,160 bytes)

The file pixsta_installer.exe has been seen being distributed by the following URL.

Remove pixsta_installer.exe - Powered by Reason Core Security