boost_190001_1010.exe

Rollnon

This is the Verti bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application boost_190001_1010.exe by Rollnon has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from cdn.download4desktop.com.
Publisher:
Rollnon  (signed and verified)

MD5:
02d074567a81e794ee25a6e42c319b16

SHA-1:
f5fce442b6d67badc045689d3483a5f4da0611f6

SHA-256:
fb0606a1005f9508db6696e05028327c89cebd42bd71c96dd132de660d6c9ff3

Scanner detections:
4 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 4:17:19 AM UTC  (today)

Scan engine
Detection
Engine version

IKARUS anti.virus
AdWare.PricePeep
t3scan.1.6.1.0

Reason Heuristics
PUP.Rollnon.R
14.6.23.18

Trend Micro House Call
Suspicious_GEN.F47V0610
7.2.174

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

File size:
882.2 KB (903,368 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\boost_190001_1010.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/1/2014 8:00:00 PM

Valid to:
4/2/2015 7:59:59 PM

Subject:
CN=Rollnon, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Rollnon, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
38DB31E5040834D048DA19B96D864789

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:yP0RvZAUVU1Vf58Gq1tRPEk9ERGMWFy8Spxtjwj26Uhb0dWiNWH26SubaYd5b86N:yPck1qFPEk9ERfW85Vnb0jNW0ud5b8n8

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.6557

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file boost_190001_1010.exe has been seen being distributed by the following URL.

Remove boost_190001_1010.exe - Powered by Reason Core Security