BonziBuddy

By CagedTech in Browser Hijackers

Threat Scorecard

Popularity Rank: 7,553
Threat Level: 50 % (Medium)
Infected Computers: 1,251
First Seen: July 24, 2009
Last Seen: January 25, 2026
OS(es) Affected: Windows

Registry Details

BonziBuddy may create the following registry entry or entries:

File name without path: bonzi.url

Analysis Report

General information

Family Name: BonziBuddy
Signature status: No Signature

Known Samples

MD5: 2ed7a4b240e9b3081c3eb9e454f9203d
SHA1: fd77b75746ac7bfdeb6764f0d1d649695192db31
SHA256: CBF1F63FD4B9C7DA307CB74C253C3BB3932C6F4DE86FC889895CE73B4DB85A0A
File Size: 1.25 MB, 1252352 bytes

MD5: aa2a2552c61f6ea08eabebf05c1bc944
SHA1: bf410ae61b32f77aba4512090682375230dd7d09
SHA256: A82E7B23508176B64CDA0037B4EFEC9950C19B5520A9E73FD115BC54ABF91795
File Size: 1.25 MB, 1252352 bytes

MD5: c76ece6f767a856c5878bdd95bcbde51
SHA1: 09b71c6d5b3fa8a0d742f0dec6b57ab523b8b7b1
SHA256: 44F01197D9959D6DE6D17FB9EF5EEB3ADD96D8C2ECCFAEBADBB0A959FABAB12A
File Size: 1.38 MB, 1382400 bytes

MD5: 29c6ee88761c550ea98b8e3d4ec34872
SHA1: 3da7f705ac3db32d45495d5d7d8ac9e8211fa878
SHA256: 2E1969A8CDABA6E7C88738427B89F8A71BD04CC550939E58C1154B6356E8FDC5
File Size: 371.53 KB, 371528 bytes

MD5: aac646fc28e7c1724203c91d6f98d1a5
SHA1: e4807244d6eb109ea215ed70ba75f97a2f74dcb0
SHA256: 1BA1C15B0F9B530695FBB649A012BD8D28F7EAF220643FC4A189A73F530228F5
File Size: 1.17 MB, 1172992 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Assembly Version:
  • 2.9.9514.24869
  • 2.8.9478.39101
  • 2.6.1.25208
  • 2.5.0.2522
Comments: BonziBUDDY, the intelligent, interactive traveling companion on the Internet. Now remade and virus free!
Company Name: TMAFE
File Description: BonziBUDDY Rewritten
File Version:
  • 2.9.9514.24869
  • 2.8.9478.39101
  • 2.6.1.25208
  • 2.5.0.2522
Internal Name: BonziRW.exe
Legal Copyright:
  • Copyright © TMAFE 2018 - 2025
  • Copyright © TMAFE 2018 - 2026
Original Filename: BonziRW.exe
Product Name: BonziBUDDY Rewritten
Product Version:
  • 2.9.9514.24869
  • 2.8.9478.39101
  • 2.6.1.25208
  • 2.5.0.2522

Digital Signatures

Signer Root Status
BONZI Software BONZI Software Root Not Trusted

File Traits

  • .NET
  • .sdata
  • HighEntropy
  • NewLateBinding
  • x86

Block Information

Total Blocks: 645
Potentially Malicious Blocks: 2
Whitelisted Blocks: 518
Unknown Blocks: 125

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? 0 0 0 0 0 0 0 ? ? 0 ? ? x 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? 0 ? ? ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? x 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Autorun.FA

Files Modified

File | Attributes
\device\namedpipe\gmdasllogger | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~vis0000\default.bmp | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~vis0000\default.bmp | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~vis0000\english.vlg | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~vis0000\english.vlg | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~vis0000\miscdata.xyz | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~vis0000\miscdata.xyz | Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~vis0000\rebootnt.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~vis0000\rebootnt.exe | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~vis0000\tcpip32.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~vis0000\tcpip32.dll | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~vis0000\uninst32.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~vis0000\uninst32.exe | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~vis0000\vise32ex.dll | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~vis0000\vise32ex.dll | Generic Write,Read Attributes
c:\windows\appcompat\programs\amcache.hve | Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve | Write Attributes
c:\windows\appcompat\programs\amcache.hve.log1 | Read Data,Write Data
c:\windows\appcompat\programs\amcache.hve.log2 | Read Data,Write Data

Registry Modifications

Key::Value | Data | API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | | RegNtPreCreateKey
HKLM\system\software\microsoft\tip\aggregateresults::data | 馐ʊ耀ŚT隞̃耀꧌С- | RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
Process Shell Execute
  • CreateProcess
Encryption Used
  • BCryptOpenAlgorithmProvider
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory

Shell Command Execution

C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 868
C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 820
C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 852
