home

boost.exe

Boost

Boost Shopping

The application boost.exe, “Boost is an application designed to help you compare products and prices while you shop online.” by Boost Shopping has been detected as adware by 4 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Boost’.
Publisher:
Boost Shopping  (signed and verified)

Product:
Boost

Description:
Boost is an application designed to help you compare products and prices while you shop online.

Version:
4.0.3.8

MD5:
a68416670041b6cc3239b3ab0730d475

SHA-1:
31d5ae58d08be47d12e7747433ef14be155d327f

SHA-256:
e4207a7c6eb3d13b0f5658eca64af476756a0b8d89ca45037ee9ad48284d2ba8

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
11/23/2024 7:35:25 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2016.0.2950

Dr.Web
Adware.Shopper.935
9.0.1.0294

Malwarebytes
PUP.Optional.Boost.A
v2015.10.21.11

Reason Heuristics
PUP.Betwikx.BoostShopping (M)
15.10.21.11

File size:
434.9 KB (445,328 bytes)

Product version:
4.0.3.8

Copyright:
(C) 2015 Boost Shopping. All right reserved.

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\boost\boost.exe

Digital Signature
Signed by:
Boost Shopping

Authority:
Symantec Corporation

Valid from:
5/13/2015 3:00:00 AM

Valid to:
8/12/2016 2:59:59 AM

Subject:
CN=Boost Shopping, O=Boost Shopping, L=Bellevue, S=Washington, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
56BE18B038839D1B74FAC83C3F051C21

File PE Metadata
Compilation timestamp:
6/15/2015 10:36:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:ZwvDMF3geCfyy5nXYV/MAOZAOf+jGkuwwtE1NFqk2a:dgHymYGboGrtE1NFqC

Entry address:
0x16B93

Entry point:
E8, 9E, 95, 00, 00, E9, 7F, FE, FF, FF, E8, 4F, 14, 00, 00, 85, C0, 75, 06, B8, CC, F2, 45, 00, C3, 83, C0, 0C, C3, 55, 8B, EC, 56, E8, E4, FF, FF, FF, 8B, 4D, 08, 51, 89, 08, E8, 20, 00, 00, 00, 59, 8B, F0, E8, 05, 00, 00, 00, 89, 30, 5E, 5D, C3, E8, 1B, 14, 00, 00, 85, C0, 75, 06, B8, C8, F2, 45, 00, C3, 83, C0, 08, C3, 55, 8B, EC, 8B, 4D, 08, 33, C0, 3B, 0C, C5, 60, F1, 45, 00, 74, 27, 40, 83, F8, 2D, 72, F1, 8D, 41, ED, 83, F8, 11, 77, 05, 6A, 0D, 58, 5D, C3, 8D, 81, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8...
 
[+]

Entropy:
6.2227

Code size:
269 KB (275,456 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Boost

Command:
C:\Program Files\boost\boost.exe


Remove boost.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.