pureleadsob.6.7.exe

Bonjoy Software

The application pureleadsob.6.7.exe by Bonjoy Software has been detected as adware by 7 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from an Internet Explorer cache folder. The file has been observed being downloaded from cdn.download4desktop.com.
Publisher:
Bonjoy Software  (signed and verified)

MD5:
6a7f2072034a535d47595d049e1888b4

SHA-1:
d773de3faa2dcbe5908e3bac70f956ba0c6d0bc7

SHA-256:
edb240172012ff26f4ed028056115bf045f6dead34ba15109cfccfecfb82d6a8

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
12/23/2024 10:43:41 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Dr.Web | Adware.Plugin.222 | 9.0.1.0194 |
| ESET NOD32 | Win32/AdWare.Sendori (variant) | 8.10068 |
| F-Secure | Adware.Sendori.E | 11.2014-13-07_1 |
| IKARUS anti.virus | PUA.Sendori | t3scan.1.6.1.0 |
| Qihoo 360 Security | Win32/Virus.Adware.fb0 | 1.0.0.1015 |
| Reason Heuristics | PUP.BonjoySoftware.N | 14.11.21.23 |
| Trend Micro House Call | Suspicious_GEN.F47V0706 | 7.2.194 |

File size:
3.3 MB (3,441,808 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\pureleadsob.6.7.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/11/2012 7:00:00 PM

Valid to:
6/12/2015 6:59:59 PM

Subject:
CN=Bonjoy Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Bonjoy Software, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
757970ED986FF5350A82A40B6B8F0E38

File PE Metadata
Compilation timestamp:
2/24/2012 1:19:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:HAph8r+02/TzhjyLGAry10BU3YinE375HKEckKV4Pj3IbO2NUG8XhXHuUfOTASg1:I8r+02/Tl+ih1EF93lHOERXhXHX2ho

Entry address:
0x3883

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, 92, 40, 00, FF, 15, 84, 81, 40, 00, 68, 4C, 92, 40, 00, 68, C0, AD, 46, 00, E8, 18, 27, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Entropy:
7.9979

Packer / compiler:
Nullsoft install system v2.x

Code size:
27.5 KB (28,160 bytes)

The file pureleadsob.6.7.exe has been seen being distributed by the following URL.
