boost_790001_1010.exe

Rollnon

This is the Verti bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application boost_790001_1010.exe by Rollnon has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.vertitechnologygroup.com.
Publisher:
Rollnon  (signed and verified)

MD5:
186d4d2e9a0e1f09ca912b1a928ff245

SHA-1:
790e31d80beeea1b39c4e4a968dfb32eae2cffc8

SHA-256:
56ae9878742a5667b04ecb164b65206a2d119069a3b2faed7e4ce7ee9a850f72

Scanner detections:
4 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/24/2024 12:13:32 AM UTC  (today)

Scan engine
Detection
Engine version

IKARUS anti.virus
AdWare.PricePeep
t3scan.1.6.1.0

Reason Heuristics
PUP.Rollnon.R
14.6.4.3

Trend Micro House Call
TROJ_GEN.F47V0526
7.2.155

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.0

File size:
882 KB (903,128 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\boost_790001_1010.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/2/2014 1:00:00 AM

Valid to:
4/3/2015 12:59:59 AM

Subject:
CN=Rollnon, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Rollnon, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
38DB31E5040834D048DA19B96D864789

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:lOKS4uejjNRaLbHUeakYzhH10+u8wc6L0hL3/59z2:6qTaf0He8wzL0pe

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.6556

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file boost_790001_1010.exe has been seen being distributed by the following URL.

Remove boost_790001_1010.exe - Powered by Reason Core Security