boost_50001_1010.exe

Rollnon

This is the Verti bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application boost_50001_1010.exe by Rollnon has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d1t653m828c3x8.cloudfront.net and multiple other hosts.
Publisher:
Rollnon  (signed and verified)

MD5:
6b339fcbd78bbd4a108196c7c69efcd1

SHA-1:
da11406072eac94db5dd76d5fe95e85b3565eaef

SHA-256:
264dc1b61d25fca975d5b2f9a2db17ce98dc2ece8abde40dfacc4927fcb95f85

Scanner detections:
4 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/23/2024 11:12:44 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

IKARUS anti.virus
AdWare.PricePeep
t3scan.1.6.1.0

Reason Heuristics
PUP.Rollnon.Q
14.6.27.12

Trend Micro House Call
Suspicious_GEN.F47V0617
7.2.178

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

File size:
881.3 KB (902,496 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\boost_50001_1010.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/1/2014 5:00:00 PM

Valid to:
4/2/2015 4:59:59 PM

Subject:
CN=Rollnon, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Rollnon, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
38DB31E5040834D048DA19B96D864789

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:4hcjRZ7DEuo5LS2Bx8//IGID+9SkqpuNWQ2zdmS8K7dUFswXu2kN9Q/fsdEoVKH:4hyXvEuo52K2/0cnTTK5I92QcCu0

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.6557

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file boost_50001_1010.exe has been seen being distributed by the following 2 URLs.

http://d1t653m828c3x8.cloudfront.net/bundles/.../Boost_50001_1010.exe

Remove boost_50001_1010.exe - Powered by Reason Core Security