» kboost.exe
Overview
Analysis
File Details
Behaviors (1)

kboost.exe

Typing Meter

Typing Innovation Group Ltd

The executable kboost.exe has been detected as malware by 3 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘TypingSatellite’.

File name:

kboost.exe

Publisher:

Typing Innovation Group Ltd (signed and verified)

Product:

Typing Meter

Version:

10.0.0.837

MD5:

caee60a3308e7e1cc6dbe48c9da37473

SHA-1:

2052cac1197d04536dda8db447321320d37eb89c

SHA-256:

cb4b291b20f821e731b43730662f4e88d87d577ae2f7630d435d1c2e55ae2d08

Scanner detections:

3 / 68

Status:

Malware

Analysis date:

11/2/2024 5:25:54 PM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/Floxif.H virus

6.3.12010.0

F-Prot

W32/Floxif.B

4.6.5.141

F-Secure

Win32.Floxif.A

5.16.24

File size:

1.7 MB (1,804,887 bytes)

Product version:

10.0

Original file name:

kboost.exe

File type:

Executable application (Win32 EXE)

Language:

English (United Kingdom)

Common path:

C:\Program Files\typingmaster10\kboost.exe

Digital Signature

Signed by:

Typing Innovation Group Ltd

Authority:

COMODO CA Limited

Valid from:

10/21/2014 5:00:00 PM

Valid to:

10/21/2016 4:59:59 PM

Subject:

CN=Typing Innovation Group Ltd, O=Typing Innovation Group Ltd, STREET=Eerikinkatu 4 A 16, L=Helsinki, S=Uusimaa, PostalCode=00100, C=FI

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00C56433002A6A3169BE9DD968A2B63114

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0xB0810

Entry point:

E9, 18, 4E, F6, FF, F0, 53, B8, 68, 04, 4B, 00, E8, C7, 5A, F5, FF, 8B, 1D, 30, 2E, 4B, 00, A1, C0, 2C, 4B, 00, 33, D2, 89, 10, 8B, 03, BA, D0, 08, 4B, 00, E8, D0, 53, FB, FF, 8B, 0D, D4, 2F, 4B, 00, 8B, 03, 8B, 15, 08, FB, 4A, 00, E8, C5, 57, FB, FF, 8B, 0D, 94, 2F, 4B, 00, 8B, 03, 8B, 15, 64, A1, 47, 00, E8, B2, 57, FB, FF, 8B, 0D, 24, 2B, 4B, 00, 8B, 03, 8B, 15, 10, EB, 47, 00, E8, 9F, 57, FB, FF, 8B, 0D, C8, 2A, 4B, 00, 8B, 03, 8B, 15, 20, 55, 4A, 00, E8, 8C, 57, FB, FF, 8B, 0D, DC, 2C, 4B, 00, 8B, 03... 
[+]

Entropy:

6.5094

Packer / compiler:

Xtreme-Protector v1.05

Code size:

702.5 KB (719,360 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

TypingSatellite

Command:

"C:\Program Files\typingmaster10\kboost.exe"

Remove kboost.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.