» boost_50001_1010.exe
Overview
Analysis
File Details
Downloads (2)

boost_50001_1010.exe

Rollnon

This is the Verti bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application boost_50001_1010.exe by Rollnon has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d1t653m828c3x8.cloudfront.net and multiple other hosts.

File name:

Publisher:

Rollnon (signed and verified)

MD5:

6b339fcbd78bbd4a108196c7c69efcd1

SHA-1:

da11406072eac94db5dd76d5fe95e85b3565eaef

SHA-256:

264dc1b61d25fca975d5b2f9a2db17ce98dc2ece8abde40dfacc4927fcb95f85

Scanner detections:

4 / 68

Status:

Adware

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/23/2024 4:00:04 AM UTC (today)

Scan engine

Detection

Engine version

IKARUS anti.virus

AdWare.PricePeep

t3scan.1.6.1.0

Reason Heuristics

PUP.Rollnon.Q

14.6.27.12

Trend Micro House Call

Suspicious_GEN.F47V0617

7.2.178

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.3

File size:

881.3 KB (902,496 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Verti Setup (using Nullsoft Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\boost_50001_1010.exe

Digital Signature

Signed by:

Rollnon

Authority:

VeriSign, Inc.

Valid from:

4/1/2014 5:00:00 PM

Valid to:

4/2/2015 4:59:59 PM

Subject:

CN=Rollnon, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Rollnon, L=Bellevue, S=Washington, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

38DB31E5040834D048DA19B96D864789

File PE Metadata

Compilation timestamp:

12/5/2009 2:50:46 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:4hcjRZ7DEuo5LS2Bx8//IGID+9SkqpuNWQ2zdmS8K7dUFswXu2kN9Q/fsdEoVKH:4hyXvEuo52K2/0cnTTK5I92QcCu0

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Entropy:

7.6557

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file boost_50001_1010.exe has been seen being distributed by the following 2 URLs.

http://d1t653m828c3x8.cloudfront.net/bundles/.../Boost_50001_1010.exe

http://d1s8azhe8rpvoz.cloudfront.net/bundles/.../Boost_50001_1010.exe

Remove boost_50001_1010.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.