bonanzadealsupdate.exe

BonanzaDeals

Bonanza Deals

The application bonanzadealsupdate.exe (“http://www.bonanzadeals.net/”) by Bonanza Deals has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It runs as a scheduled task named BonanzaDealsUpdate under the Windows Task Scheduler, triggered daily at a specified time. This file is typically installed with the program Bonanza Deals (remove only) by installCore, which is a potentially unwanted software program.
Publisher:
BonanzaDealsUpdate  (signed by Bonanza Deals)

Product:
BonanzaDeals

Description:
http://www.bonanzadeals.net/

Version:
3.1.0.0

MD5:
5826462e5834594a81e0397a097b5d3e

SHA-1:
8332820c7c778df09bf3cff63a09d4469c6db0ba

SHA-256:
dd68e577672f384ea6310a75de81833787c653e287900f01c0e9b0cd17f8f907

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/25/2024 11:20:58 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.4.20

File size:
76.5 KB (78,384 bytes)

Product version:
3.1.0.0

Copyright:
Copyright (C) 2013 BonanzaDeals.net

Trademarks:
BonanzaDeals and BonanzaDeals.net are trademarks or registered trademarks in the U.S. and/or other countries.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\Program Files\bonanzadeals\bonanzadealsupdate.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/15/2013 5:30:00 AM

Valid to:
8/16/2014 5:29:59 AM

Subject:
CN=Bonanza Deals, O=Bonanza Deals, STREET=124 Iben Gabirol St., L=Tel Aviv, S=Israel, PostalCode=6203854, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2BB18BD7033708E8767EFFC64881EE8D

File PE Metadata
Compilation timestamp:
12/6/2009 4:20:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
6.8380

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Scheduled Task
Task name:
BonanzaDealsUpdate

Trigger:
Daily (Runs daily at 12:26 AM)


The file bonanzadealsupdate.exe has been discovered within the following program.

Bonanza Deals (remove only)  by installCore
Bonanza Deals is a web browser extension and toolbar that delivers context-based advertising and modifies the user's web browser home and search pages to provide advertising and search. What the browser extension does: it changes the default search engine.
support.bonanzadeals.net
63% remove it
 
Powered by Should I Remove It?
