64boost.dll

Boost Shopping

The module 64boost.dll by Boost Shopping (described as “Boost is an application designed to help you compare products and prices while you shop online.”) has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Boost (signed by Boost Shopping)

Product:
Boost

Description:
Boost is an application designed to help you compare products and prices while you shop online.

Version:
3.0.1.6

MD5:
bbb6887b81c9e31841500770c4b3203e

SHA-1:
20ae078a6b16a5fa2521b41b8063f91255095724

SHA-256:
843b2e942125245c5d6f2f24f091c04103976cadcaf1d90d2971c42920f4e555

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/27/2024 1:08:19 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Betwikx.BoostSho (M)

Engine version:
16.6.25.8

File size:
542.9 KB (555,952 bytes)

Product version:
3.0.1.6

Copyright:
(C) 2014 Boost Shopping. All right reserved.

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\boost\64boost.dll

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
5/12/2015 8:00:00 PM

Valid to:
8/11/2016 7:59:59 PM

Subject:
CN=Boost Shopping, O=Boost Shopping, L=Bellevue, S=Washington, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
56BE18B038839D1B74FAC83C3F051C21

Registration
CLSID:
{2299856A-6506-42E3-A34F-CD35A47C1B19}

ProgID:
Boost.BoostBho.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
6/15/2015 12:30:17 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:UYeVPuHvVsq/IDad/+eQEv+LCKMRYQT14jwfOAfGtCbMrzjf09uRKPdrMQspKzoJ:UYeoH9sC8ad/+E+3M7kquQspKzoJ

Entry address:
0x2CF5C

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 53, BC, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 8B, C1, 48, F7, D9, 48, A9, 07, 00, 00, 00, 74, 0F, 66, 90, 8A, 10, 48, FF, C0, 84, D2, 74, 5F, A8, 07, 75, F3, 49, B8, FF, FE, FE, FE, FE, FE, FE, 7E, 49, BB, 00, 01, 01...
 

Entropy:
5.9489

Code size:
269 KB (275,456 bytes)
