home

CCBoot.exe

CCBoot

Youngzsoft

The application CCBoot.exe has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “CCBoot”. While running, it connects to the Internet address li365-173.members.linode.com on port 80 using the HTTP protocol.
Publisher:
Youngzsoft

Product:
CCBoot

Version:
3.0.0.1

MD5:
024dee9ce89108677cfb95bbaf400684

SHA-1:
84e446f69ec9ca76c4db0722e99833ed4e5eedea

SHA-256:
d194a27265b8a0ab21bda9cf4136e2dd68d3461deec5ce3c76996d589a714267

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
5/1/2024 3:08:05 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Service
17.2.22.4

File size:
2.6 MB (2,748,928 bytes)

Product version:
3.0.0.1

Copyright:
(c) Youngzsoft. All rights reserved.

Original file name:
CCBoot.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
8/7/2013 8:39:29 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0xA8A68

Entry point:
E8, 05, 99, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, D6, 8A, 4A, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 04, 39, 02, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D...
 
[+]

Entropy:
6.5744

Code size:
856 KB (876,544 bytes)

Service
Display name:
CCBoot

Type:
Win32OwnProcess

Depends on:
vds


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to li365-173.members.linode.com  (96.126.108.173:80)

Remove CCBoot.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.