pcboostersetup.exe

Energizer Softech Pvt ltd

The application pcboostersetup.exe by Energizer Softech Pvt ltd has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from www.movier.tv and multiple other hosts.
Publisher:
Energizer Softech Pvt ltd  (signed and verified)

MD5:
6ce82e40252faa7867cecca33d162a3d

SHA-1:
c454051abc7613139426af6ee4e1a265695c8151

SHA-256:
1e5c52e08d863076ab68b339781eec9268547b075732a3cd78bd7470f2449be2

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 10:35:17 PM UTC

Scan engine | Detection | Engine version
Bkav FE | W32.HfsAdware | 1.3.0.7237
Dr.Web | infected with Trojan.DownLoader11.45558 | 9.0.1.05190
Reason Heuristics | Win32.Generic | 16.4.7.7
Sophos | PUA 'Energizer Softech Installer' (of type Adware) | 5.22
Zillya! Antivirus | Downloader.Agent.Win32.282011 | 2.0.0.2439

File size:
4.9 MB (5,091,064 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\pcboostersetup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/20/2011 8:00:00 PM

Valid to:
7/20/2016 7:59:59 PM

Subject:
CN=Energizer Softech Pvt ltd, O=Energizer Softech Pvt ltd, STREET=13/267 Geeta Colony, L=Delhi, S=Delhi, PostalCode=110031, C=IN

Issuer:
CN=COMODO Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
209A749E9EB13B3BCA0002A965947A5D

File PE Metadata
Compilation timestamp:
2/24/2012 2:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:0BJp8KhXRS5Dr45okN/ngf6doczCYu86iN8DZbVdi/Q5luZuqNW:aJpVzS5QK69hJ6m8DPMlNW

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 

Entropy:
7.9901

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file pcboostersetup.exe has been seen being distributed by the following 2 URLs.
