boost.dll

Boost Shopping

The module boost.dll by Boost Shopping (described by its publisher as “Boost is an application designed to help you compare products and prices while you shop online.”) has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Boost’.
Publisher:
Boost  (signed by Boost Shopping)

Product:
Boost

Description:
Boost is an application designed to help you compare products and prices while you shop online.

Version:
3.0.1.6

MD5:
15c0c0b90eee8debce42bb9b56a4da3a

SHA-1:
5e3c749ff22b9d55f74f5ea39ca9d8e1341f94fb

SHA-256:
2a2c2c55dd8653291c34a68be0e926546c81b01c4a85e600de66775ad7286a36

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 8:17:30 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.BoostShopping (M)

Engine version:
15.6.21.19

File size:
482.4 KB (494,000 bytes)

Product version:
3.0.1.6

Copyright:
(C) 2014 Boost Shopping. All right reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\boost\boost.dll

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
5/12/2015 5:00:00 PM

Valid to:
8/11/2016 4:59:59 PM

Subject:
CN=Boost Shopping, O=Boost Shopping, L=Bellevue, S=Washington, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
56BE18B038839D1B74FAC83C3F051C21

File PE Metadata
Compilation timestamp:
6/17/2015 9:02:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:sCcwRKAyYUBe6KmzGKFsI1fjDohS/soPT:QwRpUBe6KmzGKFRDx0ob

Entry address:
0x26FE2

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, B3, D3, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74...
 

Entropy:
6.1629

Code size:
246 KB (251,904 bytes)

Internet Explorer BHO
Display name:
Boost

CLSID:
{2299856A-6506-42E3-A34F-CD35A47C1B19}

