home

boost.exe

Boost

Boost Shopping

The application boost.exe, “Boost is an application designed to help you compare products and prices while you shop online.” by Boost Shopping has been detected as adware by 2 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Boost’.
Publisher:
Boost Shopping  (signed and verified)

Product:
Boost

Description:
Boost is an application designed to help you compare products and prices while you shop online.

Version:
4.0.3.6

MD5:
714f0af04cf05abecb87dbc5a6f69c09

SHA-1:
f47277fa921a1d8da91217e158aaf18c38fe5876

SHA-256:
b2a39f268cc62f92c7d8cb90318d4bd40f0fff8b7606a27c61665942b8ade1a6

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/27/2024 12:21:12 AM UTC  (today)

Scan engine
Detection
Engine version

Malwarebytes
PUP.Optional.Boost.A
v2015.06.11.11

Reason Heuristics
PUP.BoostShopping
15.6.11.19

File size:
427.9 KB (438,160 bytes)

Product version:
4.0.3.6

Copyright:
(C) 2015 Boost Shopping. All right reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\boost\boost.exe

Digital Signature
Signed by:
Boost Shopping

Authority:
Symantec Corporation

Valid from:
5/12/2015 8:00:00 PM

Valid to:
8/11/2016 7:59:59 PM

Subject:
CN=Boost Shopping, O=Boost Shopping, L=Bellevue, S=Washington, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
56BE18B038839D1B74FAC83C3F051C21

File PE Metadata
Compilation timestamp:
6/10/2015 4:17:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:ZprMdigJcF/zEx9SOKxa3QLqV6oWDAOYSOjdAOqvAVq58LwwXdw815u85:iaxzEx9pZVWDbWYA8mXdw81sg

Entry address:
0x166A3

Entry point:
E8, 9E, 95, 00, 00, E9, 7F, FE, FF, FF, E8, 4F, 14, 00, 00, 85, C0, 75, 06, B8, CC, E2, 45, 00, C3, 83, C0, 0C, C3, 55, 8B, EC, 56, E8, E4, FF, FF, FF, 8B, 4D, 08, 51, 89, 08, E8, 20, 00, 00, 00, 59, 8B, F0, E8, 05, 00, 00, 00, 89, 30, 5E, 5D, C3, E8, 1B, 14, 00, 00, 85, C0, 75, 06, B8, C8, E2, 45, 00, C3, 83, C0, 08, C3, 55, 8B, EC, 8B, 4D, 08, 33, C0, 3B, 0C, C5, 60, E1, 45, 00, 74, 27, 40, 83, F8, 2D, 72, F1, 8D, 41, ED, 83, F8, 11, 77, 05, 6A, 0D, 58, 5D, C3, 8D, 81, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8...
 
[+]

Entropy:
6.2205

Code size:
264.5 KB (270,848 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Boost

Command:
C:\Program Files\boost\boost.exe


Remove boost.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.