» pixsta_installer.exe
Overview
Analysis
File Details
Downloads (1)

pixsta_installer.exe

Bonjoy Software

The application pixsta_installer.exe by Bonjoy Software has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from download.pixsta.com.

File name:

Publisher:

Bonjoy Software (signed and verified)

MD5:

d08d0c05e2c55aa27086f597fb10247b

SHA-1:

8d8a9ae153331f31f0c2fc3a3070e7a5e7ff65b5

SHA-256:

e0557630e99eba19fd79314b1d4305edc395fbdb1161b46d4a0541baf605c9e3

Scanner detections:

9 / 68

Status:

Adware

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

5/31/2024 5:43:43 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win32.OpenCandy

4.0.3.14925

Dr.Web

Adware.OpenCandy.4

9.0.1.0268

ESET NOD32

Win32/OpenCandy (variant)

8.10460

G Data

Win32.Adware.OpenCandy

14.9.24

Malwarebytes

PUP.Optional.OpenCandy

v2014.09.25.09

McAfee

Artemis!D08D0C05E2C5

5600.6997

Reason Heuristics

PUP.BonjoySoftware.Q

14.11.21.23

Rising Antivirus

PE:PUF.OpenCandy!1.9DE5

23.00.65.14923

Trend Micro House Call

Suspicious_GEN.F47V0915

7.2.268

File size:

1.8 MB (1,870,200 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\pixsta_installer.exe

Digital Signature

Signed by:

Bonjoy Software

Authority:

COMODO CA Limited

Valid from:

7/31/2014 2:00:00 AM

Valid to:

8/1/2015 1:59:59 AM

Subject:

CN=Bonjoy Software, O=Bonjoy Software, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

008994D64FEE6C2BD6A19EF823DEF5CAE4

File PE Metadata

Compilation timestamp:

2/24/2012 8:19:54 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:xl4v6Vhcmpd2D1ybb2QpTU2xsUFTdK88zxwyIw:xyvCeS2D8bNBU2hnH8zB

Entry address:

0x3883

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, 92, 40, 00, FF, 15, 84, 81, 40, 00, 68, 4C, 92, 40, 00, 68, C0, AD, 46, 00, E8, 18, 27, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 06, 27, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

27.5 KB (28,160 bytes)

The file pixsta_installer.exe has been seen being distributed by the following URL.

http://download.pixsta.com/.../Pixsta_Installer.exe

Remove pixsta_installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.