ares-galaxy-turbo-booster-7-2-0-en-win.exe

Ares Galaxy Turbo Booster

Hipgnosis Vision

The application ares-galaxy-turbo-booster-7-2-0-en-win.exe by Hipgnosis Vision has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
DownloadBoosters LLC  (signed by Hipgnosis Vision)

Product:
Ares Galaxy Turbo Booster

Version:
7.2.0.0

MD5:
14da0998a00161ddce46e1fb1d35061d

SHA-1:
ff6c37f26ea898adedecdfef0851be99d0ee4297

SHA-256:
3884dae66ee3e721ef43f0956828bf93f792a04e28f26a150817584f8b6a3298

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/4/2024 11:22:21 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.7.24.15

File size:
2 MB (2,073,992 bytes)

Copyright:
© DownloadBoosters LLC

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\ares-galaxy-turbo-booster-7-2-0-en-win.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/15/2015 7:00:00 PM

Valid to:
4/16/2016 6:59:59 PM

Subject:
CN=Hipgnosis Vision, O=Hipgnosis Vision, L=Craiova, S=Dolj, C=RO

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
74CB8A9F6210A537EAE293153461ED0C

File PE Metadata
Compilation timestamp:
2/24/2012 2:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:ok/I46V5T+sQxhEN7RxgKQk/5VgjUT6sZAX0:t/I4SFMjEN7RxyA5Vg+PAX0

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file ares-galaxy-turbo-booster-7-2-0-en-win.exe has been seen being distributed by the following 12 URLs.
