imageboostsetup_ff.exe

NCIS Technologies Limited

The application imageboostsetup_ff.exe by NCIS Technologies Limited has been detected as a potentially unwanted program by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is part of RelevantKnowledge, a program that is typically installed via a software bundle (with the user's knowledge, should they read the EULA) and runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.

Publisher:
NCIS Technologies Limited  (signed and verified)

MD5:
f6f6a37a09380b6074dba0c33f19c362

SHA-1:
d39a21c8b1e26cc6377f648decc75d0cebe04ab0

SHA-256:
a0cb8a13c4ea20da382710be3158df07102a03464a0385a23934d93a156f8b04

Scanner detections:
21 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 8:20:52 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Dropped:Adware.Relevant.CA | 6280285 |
| Agnitum Outpost | Adware.MarketScore | 7.1.1 |
| Avira AntiVirus | ADSPY/NaviPromo.J | 7.11.197.232 |
| avast! | Relevant-S [PUP] | 141214-1 |
| AVG | Potentially harmful program RelevantKnowledge | 2014.0.4235 |
| Bitdefender | Dropped:Adware.Relevant.CA | 1.0.20.1795 |
| Clam AntiVirus | W32S.Adware.RelevantKnowledge-2 | 0.98/19837 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.RK.~E | 20469 |
| Dr.Web | Threat.Undefined | 9.0.1.05190 |
| Emsisoft Anti-Malware | Dropped:Adware.Relevant.CA | 9.0.0.4668 |
| ESET NOD32 | multiple threats | 7.0.302.0 |
| F-Secure | Dropped:Adware.Relevant.CA | 11.2014-25-12_5 |
| G Data | Dropped:Adware.Relevant.CA | 14.12.24 |
| Malwarebytes | PUP.Optional.RelevantKnowledge | v2014.12.25.04 |
| MicroWorld eScan | Dropped:Adware.Relevant.CA | 15.0.0.1077 |
| NANO AntiVirus | Trojan.Win32.Relevant.crgfum | 0.30.0.64448 |
| Norman | Dropped:Adware.Relevant.CA | 04.12.2014 14:30:06 |
| nProtect | Dropped:Adware.Relevant.CA | 14.12.24.01 |
| Sophos | PUA 'RelevantKnowledge' (of type Adware) | 5.09 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.4753064 | 35418 |

File size:
583 KB (596,968 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\imageboostsetup_ff.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/14/2011 6:00:00 PM

Valid to:
12/14/2012 5:59:59 PM

Subject:
CN=NCIS Technologies Limited, O=NCIS Technologies Limited, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
085CF6F3312A433B1D49A8C12B31A107

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:29GZZaRpfYLdgJLwblrj0eFrggMlwcdr0zAZ:29GZZa3UgJGNxNObdz

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9433

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file imageboostsetup_ff.exe has been seen being distributed by the following URL.
