FasterLight.BOAS.exe

Faster Light

FasterLight.BOAS.exe is part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application FasterLight.BOAS.exe by Faster Light has been detected as adware by 23 anti-malware scanners. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Faster Light  (signed and verified)

Description:
FasterLight.BOAS.exe

Version:
1.0.0.1

MD5:
179f0c9226f6c9f1dd449b7509b57c23

SHA-1:
6af514cb5102c742301cd02e715ac2e4066b485c

SHA-256:
d5a11aed0d8921731d9efd3e3b902c228ba84b74d66841d925632046f6758678

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/19/2024 6:40:43 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.158883 | 6217679 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.BrowseFox | 2014.12.23 |
| Avira AntiVirus | APPL/BrowseFox.Gen4 | 7.11.197.44 |
| avast! | Win32:Adware-CCC [PUP] | 141214-1 |
| AVG | Generic | 2015.0.3252 |
| Bitdefender | Gen:Variant.Adware.Graftor.158883 | 1.0.20.1780 |
| Clam AntiVirus | Win.Adware.Agent-22623 | 0.98/21511 |
| Dr.Web | Trojan.BPlug.280 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.158883 | 9.0.0.4668 |
| ESET NOD32 | Win32/BrowseFox.R potentially unwanted application | 7.0.302.0 |
| F-Secure | Gen:Variant.Adware.Graftor.158883 | 5.13.68 |
| G Data | Gen:Variant.Adware.Graftor.158883 | 14.12.24 |
| IKARUS anti.virus | AdWare.SwiftBrowse | t3scan.1.8.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.188.14410 |
| McAfee | Trojan.Artemis!179F0C9226F6 | 16.8.708.2 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.158883 | 15.0.0.1068 |
| NANO AntiVirus | Trojan.Win32.BPlug.dgfcro | 0.28.6.64267 |
| Norman | Gen:Variant.Adware.Graftor.158883 | 04.12.2014 14:30:06 |
| Reason Heuristics | PUP.FasterLight.P | 14.12.22.21 |
| Vba32 AntiVirus | AdWare.SwiftBrowse | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 35418 |
| Zillya! Antivirus | Adware.Kranet.Win32.442 | 2.0.0.2013 |

File size:
1.7 MB (1,791,224 bytes)

Product version:
1.0.0.1

Original file name:
FasterLight.BOAS.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\faster light\bin\fasterlight.boas.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/20/2014 1:00:00 AM

Valid to:
11/21/2015 12:59:59 AM

Subject:
CN=Faster Light, O=Faster Light, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
697399BCAA43E2F4228493C765EB81CE

File PE Metadata
Compilation timestamp:
12/22/2014 3:48:54 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:9Z30sBqTwk9WyiQRzRe0sjZCtzw2UxZOA//48Y1dO7b0em+Vm2IC5GDuHsJmPW0:D38TbW0RNAjwtzw2UxZOA//4+bs0m2IU

Entry address:
0x107789

Entry point:
E8, CA, 72, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, B8, 3E, 58, 00, 75, 02, F3, C3, E9, 51, 73, 00, 00, 8B, 41, 04, 85, C0, 75, 05, B8, E8, C6, 55, 00, C3, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 57, 8B, F9, 74, 2D, 56, FF, 75, 08, E8, 7A, 38, 00, 00, 8D, 70, 01, 56, E8, 1C, 06, 00, 00, 59, 59, 89, 47, 04, 85, C0, 74, 11, FF, 75, 08, 56, 50, E8, 17, 74, 00, 00, 83, C4, 0C, C6, 47, 08, 01, 5E, 5F, 5D, C2, 04, 00, 8B, FF, 56, 8B, F1, 80, 7E, 08, 00, 74, 09, FF, 76, 04, E8, FB, 09, 00, 00, 59, 83, 66, 04, 00, C6, 46...
 

Code size:
1.2 MB (1,263,104 bytes)

The executing file has been seen to make the following network communications in live environments.

