» utorrentturbobooster_installer.exe
Overview
Analysis
File Details
Downloads (1)

utorrentturbobooster_installer.exe

Turbo Booster for uTorrent

Hipgnosis Vision

The application utorrentturbobooster_installer.exe by Hipgnosis Vision has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.download-boosters.com.

File name:

Publisher:

DownloadBoosters LLC (signed by Hipgnosis Vision)

Product:

Turbo Booster for uTorrent

Version:

4.7.0.0

MD5:

1be7143132da1abd3a9a036adf390a00

SHA-1:

b903fe91a0b8204ab2d0eeeac55aa8cd0e1cc74d

SHA-256:

7f0af01088127bb62c951c590055e033851c386dda6c040c641959f13d0c95dc

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

11/5/2024 1:04:41 PM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/DownWare

8.10217

Reason Heuristics

PUP.HipgnosisVision.EE

14.8.8.7

File size:

1.9 MB (2,036,760 bytes)

� DownloadBoosters LLC

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\utorrentturbobooster_installer.exe

Digital Signature

Signed by:

Hipgnosis Vision

Authority:

VeriSign, Inc.

Valid from:

2/11/2014 1:00:00 AM

Valid to:

3/14/2015 12:59:59 AM

Subject:

CN=Hipgnosis Vision, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Hipgnosis Vision, L=Craiova, S=Dolj, C=RO

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

67706B72437E415E8AB76B9C4C85261D

File PE Metadata

Compilation timestamp:

2/24/2012 8:19:59 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:kBxBp45dv7oc4QX06p2I1rEfvv+tr0AiE5tMqA0ieN5D/:gxYocznp2I1rona0A5RBieN5L

Entry address:

0x39E3

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00... 
[+]

Entropy:

7.9814

Packer / compiler:

Nullsoft install system v2.x

Code size:

28 KB (28,672 bytes)

The file utorrentturbobooster_installer.exe has been seen being distributed by the following URL.

http://www.download-boosters.com/.../uTorrentTurboBooster_installer.exe

Remove utorrentturbobooster_installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.