CCBoot.exe

CCBoot

Youngzsoft

The application CCBoot.exe has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “CCBoot”. While running, it connects to the Internet address li365-173.members.linode.com on port 80 using the HTTP protocol.
Publisher:
Youngzsoft

Product:
CCBoot

Version:
3.0.0.1

MD5:
68e242bb50137a8cba0b259d51824220

SHA-1:
e02152d2e4afa9785f7d2f090fccea0034ca20d9

SHA-256:
5c6f2c74ba156724fa0a905300954ad80c96038ff7c89e3eed99bb5009f1b9af

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/13/2018 7:57:40 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic
16.1.13.15

File size:
2.6 MB (2,706,944 bytes)

Product version:
3.0.0.1

Copyright:
(c) Youngzsoft. All rights reserved.

Original file name:
CCBoot.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
8/17/2012 2:20:01 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:I0ByM7DvB21GjZnglOF5ae9J8E2qbvFRsqbvFR5h:xByY5jZAFE2qbvFRsqbvFR5h

Entry address:
0xA074F

Entry point:
E8, BE, 98, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, BD, 07, 4A, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 1D, 36, 02, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D...
 
[+]

Entropy:
6.5793

Code size:
819 KB (838,656 bytes)

Service
Display name:
CCBoot

Type:
Win32OwnProcess

Depends on:
vds


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to li365-173.members.linode.com  (96.126.108.173:80)

Remove CCBoot.exe - Powered by Reason Core Security