boost.exe

Boost

Boost Shopping

The application boost.exe by Boost Shopping, described by its publisher as “Boost is an application designed to help you compare products and prices while you shop online.”, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Boost Shopping (signed and verified)

Product:
Boost

Description:
Boost is an application designed to help you compare products and prices while you shop online.

Version:
4.0.3.9

MD5:
bf9d5153378801345083b917b540c910

SHA-1:
f71a0fe9ede4fdaced888f25eae6fb277dfce47a

SHA-256:
d85a4915f950eb771283b0149d59bc6916c4330eef02462f73b6cc030529a251

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 7:45:32 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Betwikx.BoostShopping (M)

Engine version:
15.8.18.9

File size:
434.9 KB (445,328 bytes)

Product version:
4.0.3.9

Copyright:
(C) 2015 Boost Shopping. All right reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\boost\boost.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
5/12/2015 8:00:00 PM

Valid to:
8/11/2016 7:59:59 PM

Subject:
CN=Boost Shopping, O=Boost Shopping, L=Bellevue, S=Washington, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
56BE18B038839D1B74FAC83C3F051C21

File PE Metadata
Compilation timestamp:
6/17/2015 11:47:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:Mapelpnw/0LAgc/jaWlDikdAO79AOSeY3CwA0kZCyrW0vz7:Z0LAHjSKDoZO0kZCyi0/

Entry address:
0x16B63

Entry point:
E8, 9E, 95, 00, 00, E9, 7F, FE, FF, FF, E8, 4F, 14, 00, 00, 85, C0, 75, 06, B8, CC, F2, 45, 00, C3, 83, C0, 0C, C3, 55, 8B, EC, 56, E8, E4, FF, FF, FF, 8B, 4D, 08, 51, 89, 08, E8, 20, 00, 00, 00, 59, 8B, F0, E8, 05, 00, 00, 00, 89, 30, 5E, 5D, C3, E8, 1B, 14, 00, 00, 85, C0, 75, 06, B8, C8, F2, 45, 00, C3, 83, C0, 08, C3, 55, 8B, EC, 8B, 4D, 08, 33, C0, 3B, 0C, C5, 60, F1, 45, 00, 74, 27, 40, 83, F8, 2D, 72, F1, 8D, 41, ED, 83, F8, 11, 77, 05, 6A, 0D, 58, 5D, C3, 8D, 81, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8...
Entropy:
6.2213

Code size:
269 KB (275,456 bytes)
