bbsetuphom.exe

BONZI Software

The application bbsetuphom.exe by BONZI Software has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application built with the Wise Installer. The file has been seen downloaded from web.archive.org.
Publisher:
BONZI Software  (signed and verified)

MD5:
3bd267474f221e1afa26557e2a0d1c36

SHA-1:
d7f54b2a0a5913a4e816f8d8027958cb21557a1f

SHA-256:
c1f475fa8f42f78cae2da5c8e3f10e767e98d3598405b304caaece0ba532a267

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 10:26:24 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | UnclassifiedMalware | 21953 |
| Dr.Web | Adware.Siggen.10267 | 9.0.1.0352 |
| Fortinet FortiGate | Adware/BonziBuddy | 12/18/2015 |
| McAfee | Adware-BonziBuddy | 5600.6548 |
| NANO AntiVirus | Riskware.Win32.Bonzo.xdbwy | 0.30.24.1357 |
| Norman | Suspicious_Gen2.IMMJU | 11.20151218 |
| Panda Antivirus | Generic Malware | 15.12.18.08 |
| Sophos | Bonzi Buddy installer | 4.98 |
| SUPERAntiSpyware | Adware.BonziBuddy | 9440 |
| Trend Micro House Call | ADWARE_BONZI | 7.2.352 |
| Trend Micro | ADWARE_BONZI | 10.465.18 |
| Vba32 AntiVirus | AdWare.Bonzo | 3.12.26.3 |
| VIPRE Antivirus | BonziBuddy | 39842 |
| ViRobot | Adware.Bonzo.140568[h] | 2014.3.20.0 |

File size:
137.3 KB (140,568 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Wise Installer

Language:
English (United States)

Common path:
C:\users\{user}\downloads\bbsetuphom.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/10/2000 7:00:00 PM

Valid to:
1/30/2001 6:59:59 PM

Subject:
CN=BONZI Software, L=San Luis Obispo, S=CA, C=US, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98", OU=VeriSign Commercial Software Publishers CA, O="VeriSign, Inc.", L=Internet

Issuer:
OU=VeriSign Commercial Software Publishers CA, O="VeriSign, Inc.", L=Internet

Serial number:
64069635621A756FDA3CF9ECF3653D

File PE Metadata
Compilation timestamp:
4/8/1999 4:24:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:RCh9ErV8v992/7SOehiW+h1kDooNc5Lwn03vv:RCeV8lYmOeh9+8DooSMn8

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 78, 05, 00, 00, 53, 56, BE, 04, 01, 00, 00, 57, 8D, 85, 94, FD, FF, FF, 56, 33, DB, 50, 53, FF, 15, 34, 20, 40, 00, 8D, 85, 94, FD, FF, FF, 56, 50, 8D, 85, 94, FD, FF, FF, 50, FF, 15, 30, 20, 40, 00, 8B, 3D, 2C, 20, 40, 00, 53, 53, 6A, 03, 53, 6A, 01, 8D, 85, 94, FD, FF, FF, 68, 00, 00, 00, 80, 50, FF, D7, 83, F8, FF, 89, 45, FC, 0F, 84, 7B, 01, 00, 00, 8D, 85, 90, FC, FF, FF, 50, 56, FF, 15, 28, 20, 40, 00, 8D, 85, 98, FE, FF, FF, 50, 53, 8D, 85, 90, FC, FF, FF, 68, 10, 30, 40, 00, 50...
 

Entropy:
7.8153

Packer / compiler:
Wise Installer Stub

Code size:
512 Bytes (512 bytes)

The file bbsetuphom.exe has been seen distributed from the following URL.

https://web.archive.org/web/20011218060009/http://download.bonzi.com/freebuddy/.../bbsetuphom.exe
