utorrentturbobooster_installer.exe

Turbo Booster for uTorrent

Hipgnosis Vision

The application utorrentturbobooster_installer.exe by Hipgnosis Vision has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.download-boosters.com.
Publisher:
DownloadBoosters LLC  (signed by Hipgnosis Vision)

Product:
Turbo Booster for uTorrent

Version:
4.7.0.0

MD5:
1be7143132da1abd3a9a036adf390a00

SHA-1:
b903fe91a0b8204ab2d0eeeac55aa8cd0e1cc74d

SHA-256:
7f0af01088127bb62c951c590055e033851c386dda6c040c641959f13d0c95dc

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 1:04:41 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/DownWare
8.10217

Reason Heuristics
PUP.HipgnosisVision.EE
14.8.8.7

File size:
1.9 MB (2,036,760 bytes)

Copyright:
� DownloadBoosters LLC

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\utorrentturbobooster_installer.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/11/2014 1:00:00 AM

Valid to:
3/14/2015 12:59:59 AM

Subject:
CN=Hipgnosis Vision, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Hipgnosis Vision, L=Craiova, S=Dolj, C=RO

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
67706B72437E415E8AB76B9C4C85261D

File PE Metadata
Compilation timestamp:
2/24/2012 8:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:kBxBp45dv7oc4QX06p2I1rEfvv+tr0AiE5tMqA0ieN5D/:gxYocznp2I1rona0A5RBieN5L

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 
[+]

Entropy:
7.9814

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file utorrentturbobooster_installer.exe has been seen being distributed by the following URL.

Remove utorrentturbobooster_installer.exe - Powered by Reason Core Security