» BandooGo.exe
Overview
Analysis
File Details
Programs (1)

BandooGo.exe

Bandoo

Bandoo Media Inc

The application BandooGo.exe by Bandoo Media Inc has been detected as a potentially unwanted program by 3 anti-malware scanners. This file is typically installed with the program Bandoo by Bandoo Media Inc.

File name:

BandooGo.exe

Publisher:

Bandoo Media Inc. (signed by Bandoo Media Inc)

Product:

Bandoo

Description:

Bandoo Go

Version:

6.0

MD5:

5a613f8ba15bc0f344b68bd5a94d4b40

SHA-1:

d489b0ebffe0a750ae37bab0c7de5bcfa3dc4e90

SHA-256:

f178a164701a0f6f6beb72c499a635ba6e65493025bf9fb0ffdd0947dffdbf24

Scanner detections:

3 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 11:09:26 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Avira AntiVirus

Adware/Bandoo.AA.150

7.11.31.236

ESET NOD32

Win32/Adware.Bandoo.AA (variant)

8.7195

Reason Heuristics

PUP.Optional.BandooMedia.I

14.8.29.14

File size:

1.1 MB (1,109,904 bytes)

Product version:

6.0.0.98636

Original file name:

BandooGo.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\bin\bandoogo.exe

Digital Signature

Signed by:

Bandoo Media Inc

Authority:

Thawte, Inc.

Valid from:

10/5/2010 5:00:00 PM

Valid to:

10/5/2012 4:59:59 PM

Subject:

CN=Bandoo Media Inc, O=Bandoo Media Inc, L=Panama City, S=Panama, C=PA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

5915CD3A113B9B2AE7B497DDDFCDF8F5

File PE Metadata

Compilation timestamp:

1/12/2011 3:21:08 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:PlFBczoM68iaJBM8kb1GPKIQeJ6t8Hm4u4cYUMJc/HtEDYmoxNN3AaZfCV:dQzimBM8OW64m4hfJcVEDYmoxNN3AaZ+

Entry address:

0x878BB

Entry point:

E8, DE, C5, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, A8, EC, 4C, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 54, B3, 4C, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 8B, 08, 40, 40, 66, 85, C9, 75, F6, 2B, 45, 08, D1, F8, 48, 5D, C3, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74... 
[+]

Entropy:

6.4406

Code size:

807.5 KB (826,880 bytes)

The file BandooGo.exe has been discovered within the following program.

Bandoo by Bandoo Media Inc

Bandoo is an IM/messaging program. From the EUAL: "You hereby acknowledge that the Applications use various tools to enhance Your view of Web pages which You browse by adding Bandoo features to them, such as, for example, emoticons, winks and ads.

www.bandoo.com

52% remove it

Remove BandooGo.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.