home

CCBoot.exe

CCBoot

Youngzsoft

The application CCBoot.exe has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “CCBoot”. While running, it connects to the Internet address li365-173.members.linode.com on port 80 using the HTTP protocol.
Publisher:
Youngzsoft

Product:
CCBoot

Version:
3.0.0.1

MD5:
08a731342fd440e51de19091c5868799

SHA-1:
26f14e937cdff3e9c8caac114a30b15cb9f88dfd

SHA-256:
7677de7a03df7ed03a1b1a9123642268f6affbbb82759e28f2844a0ed12ae9e9

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/30/2024 9:30:54 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win64.Generic.Youngzsoft.Meta
15.12.6.20

File size:
3 MB (3,146,240 bytes)

Product version:
3.0.0.1

Copyright:
(c) Youngzsoft. All rights reserved.

Original file name:
CCBoot.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
8/17/2012 9:19:09 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:US3CveZ9/YsOP6/OF5ae9J8E2qbvFRsqbvFR5U:HrTJHFE2qbvFRsqbvFR5U

Entry address:
0xD0E50

Entry point:
48, 83, EC, 28, E8, 3F, 8D, 00, 00, 48, 83, C4, 28, E9, 16, FE, FF, FF, CC, CC, 48, 8B, C4, 48, 89, 58, 08, 48, 89, 68, 10, 48, 89, 70, 18, 48, 89, 78, 20, 41, 54, 48, 83, EC, 20, 49, 8B, 59, 38, 48, 8B, F2, 4D, 8B, E0, 48, 8B, E9, 4C, 8D, 43, 04, 49, 8B, D1, 48, 8B, CE, 49, 8B, F9, E8, 24, 02, 00, 00, 44, 8B, 5B, 04, 44, 8B, 55, 04, 41, 8B, C3, 41, 83, E3, 02, 41, B8, 01, 00, 00, 00, 41, 23, C0, 41, 80, E2, 66, 44, 0F, 44, D8, 45, 85, DB, 74, 14, 4C, 8B, CF, 4D, 8B, C4, 48, 8B, D6, 48, 8B, CD, E8, 0E, 07...
 
[+]

Code size:
1 MB (1,075,200 bytes)

Service
Display name:
CCBoot

Type:
Win32OwnProcess

Depends on:
vds


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to li365-173.members.linode.com  (96.126.108.173:80)

Remove CCBoot.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.