boost.exe

Boost

Boost Shopping

The application boost.exe by Boost Shopping, described by its publisher as “Boost is an application designed to help you compare products and prices while you shop online.”, has been detected as adware by 3 anti-malware scanners. It is set to start automatically when a user logs into Windows, via the current user Run registry key under the display name ‘Boost’.
Publisher:
Boost Shopping  (signed and verified)

Product:
Boost

Description:
Boost is an application designed to help you compare products and prices while you shop online.

Version:
4.0.3.9

MD5:
790f8e49000ddef7f573f30a42e53c92

SHA-1:
47ed579be21d13c0d8aecfb80658d28b3876c996

SHA-256:
d85a4915f950eb771283b0149d59bc6916c4330eef02462f73b6cc030529a251

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
12/24/2024 12:20:48 PM UTC

Scan engine | Detection | Engine version
AVG | Generic | 2016.0.3071
Malwarebytes | PUP.Optional.Boost.A | v2015.06.21.07
Reason Heuristics | PUP.BoostShopping (M) | 15.6.21.19

File size:
434.9 KB (445,328 bytes)

Product version:
4.0.3.9

Copyright:
(C) 2015 Boost Shopping. All right reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\boost\boost.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
5/12/2015 5:00:00 PM

Valid to:
8/11/2016 4:59:59 PM

Subject:
CN=Boost Shopping, O=Boost Shopping, L=Bellevue, S=Washington, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
56BE18B038839D1B74FAC83C3F051C21

File PE Metadata
Compilation timestamp:
6/17/2015 8:47:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:Mapelpnw/0LAgc/jaWlDikdAO79AOSeY3CwA0kZCyrW0vz7:Z0LAHjSKDoZO0kZCyi0/

Entry address:
0x16B63

Entry point:
E8, 9E, 95, 00, 00, E9, 7F, FE, FF, FF, E8, 4F, 14, 00, 00, 85, C0, 75, 06, B8, CC, F2, 45, 00, C3, 83, C0, 0C, C3, 55, 8B, EC, 56, E8, E4, FF, FF, FF, 8B, 4D, 08, 51, 89, 08, E8, 20, 00, 00, 00, 59, 8B, F0, E8, 05, 00, 00, 00, 89, 30, 5E, 5D, C3, E8, 1B, 14, 00, 00, 85, C0, 75, 06, B8, C8, F2, 45, 00, C3, 83, C0, 08, C3, 55, 8B, EC, 8B, 4D, 08, 33, C0, 3B, 0C, C5, 60, F1, 45, 00, 74, 27, 40, 83, F8, 2D, 72, F1, 8D, 41, ED, 83, F8, 11, 77, 05, 6A, 0D, 58, 5D, C3, 8D, 81, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8...
 

Entropy:
6.2213

Code size:
269 KB (275,456 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Boost

Command:
C:\Program Files\boost\boost.exe

