home

boost.exe

Boost

Boost Shopping

The application boost.exe, “Boost is an application designed to help you compare products and prices while you shop online.” by Boost Shopping has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Boost Shopping  (signed and verified)

Product:
Boost

Description:
Boost is an application designed to help you compare products and prices while you shop online.

Version:
4.0.3.7

MD5:
711dc715c347223a05cc8cba87f4b1a6

SHA-1:
8427cb2164aad71fb100da8e0ef6655d814e6826

SHA-256:
6096f6c0168c1a940229adf1895ee6016a32f63893a46f7cc47420c91c15e7e9

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/23/2024 8:20:52 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Betwikx.BoostSho (M)
16.6.25.8

File size:
434.9 KB (445,328 bytes)

Product version:
4.0.3.7

Copyright:
(C) 2015 Boost Shopping. All right reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\boost\boost.exe

Digital Signature
Signed by:
Boost Shopping

Authority:
Symantec Corporation

Valid from:
5/12/2015 8:00:00 PM

Valid to:
8/11/2016 7:59:59 PM

Subject:
CN=Boost Shopping, O=Boost Shopping, L=Bellevue, S=Washington, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
56BE18B038839D1B74FAC83C3F051C21

File PE Metadata
Compilation timestamp:
6/15/2015 12:29:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:jFQGWHFw9JdCfyICwQ5v/AO2AO1GIhywAtqkDz:X9JIyj0mIAtqc

Entry address:
0x16B43

Entry point:
E8, 9E, 95, 00, 00, E9, 7F, FE, FF, FF, E8, 4F, 14, 00, 00, 85, C0, 75, 06, B8, CC, F2, 45, 00, C3, 83, C0, 0C, C3, 55, 8B, EC, 56, E8, E4, FF, FF, FF, 8B, 4D, 08, 51, 89, 08, E8, 20, 00, 00, 00, 59, 8B, F0, E8, 05, 00, 00, 00, 89, 30, 5E, 5D, C3, E8, 1B, 14, 00, 00, 85, C0, 75, 06, B8, C8, F2, 45, 00, C3, 83, C0, 08, C3, 55, 8B, EC, 8B, 4D, 08, 33, C0, 3B, 0C, C5, 60, F1, 45, 00, 74, 27, 40, 83, F8, 2D, 72, F1, 8D, 41, ED, 83, F8, 11, 77, 05, 6A, 0D, 58, 5D, C3, 8D, 81, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8...
 
[+]

Entropy:
6.2247

Code size:
269 KB (275,456 bytes)

Remove boost.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.