rsb.exe

Internet Speed Booster

Robust.ws

The application rsb.exe, “Internet Speed Booster Setup ” has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
Robust.ws

Product:
Internet Speed Booster

Description:
Internet Speed Booster Setup

Version:
1.0.0.21

MD5:
71389004046140d1e84484a756e0448b

SHA-1:
fac3a616e73cbe831cda51375ec9d49a3dc9385c

SHA-256:
54aad2169b9415a80181a6f47c66c5c948d45a6a06c26a02c487cac1780e1c77

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 10:47:18 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
BACKDOOR.Trojan
9.0.1.0118

ESET NOD32
Win32/BundleLoader.B potentially unwanted
9.11442

Fortinet FortiGate
Adware/Relevant
4/28/2015

herdProtect (fuzzy)
2015.7.28.10

Malwarebytes
PUP.Optional.RelevantKnowledge
v2015.04.28.07

McAfee
Artemis!713890040461
5600.6782

Trend Micro House Call
TROJ_GEN.R02PH05BN15
7.2.118

VIPRE Antivirus
Trojan.Win32.Generic
39170

File size:
4.6 MB (4,867,428 bytes)

Product version:
1.0.0.21

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\rsb.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:MUqTV38oT4qoeMKaUANTVUnpZJuICT6ne1wLJEj45t2ENrhYdQh8:DqJmeGXipqICTyekJP/2IrmdQ6

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9988

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file rsb.exe has been seen being distributed by the following 2 URLs.

Remove rsb.exe - Powered by Reason Core Security