imageboostsetup_ch.exe

NCIS Technologies Limited

The application imageboostsetup_ch.exe by NCIS Technologies Limited has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is part of RelevantKnowledge, a program that is typically installed via a software bundle (with the user's knowledge, should they read the EULA) and that runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
NCIS Technologies Limited  (signed and verified)

MD5:
93c866253cbbea246b58e835f58ef29c

SHA-1:
f8b590b7e9c7b211b85b3bf563f824bee98e24b6

SHA-256:
299e71b527e39c9e65df7befb37b406cff7ba9a9cdd49887e81adb740e14383f

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 2:33:28 PM UTC

Scan engine              Detection                         Engine version
Agnitum Outpost          Adware.MarketScore                7.1.1
Avira AntiVirus          ADSPY/NaviPromo.J                 7.11.94.200
avast!                   Win32:PUP-gen [PUP]               2014.9-151215
AVG                      RelevantKnowledge                 2016.0.2894
Bitdefender              Adware.Relevant.BH                1.0.20.1745
Comodo Security          ApplicUnwnt.Win32.AdWare.RK.~E    16704
Dr.Web                   Adware.Relevant.81                9.0.1.0349
Emsisoft Anti-Malware    Adware.Relevant.BH                8.15.12.15.10
ESET NOD32               Win32/Adware.MarketScore          9.8646
G Data                   Adware.Relevant.BH                15.12.22
Malwarebytes             PUP.Adware.RelevantKnowledge      v2015.12.15.10
MicroWorld eScan         Adware.Relevant.BH                16.0.0.1047
Trend Micro House Call   TROJ_GEN.RCBH1AV                  7.2.349
VIPRE Antivirus          Wajam                             20138

File size:
518.1 KB (530,544 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\imageboostsetup_ch.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/14/2011 7:00:00 PM

Valid to:
12/14/2012 6:59:59 PM

Subject:
CN=NCIS Technologies Limited, O=NCIS Technologies Limited, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
085CF6F3312A433B1D49A8C12B31A107

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:HnOOJYlrj0eFrggMlwcdr0zAlZGD6hOmNeRZj9p4pf:HO0YNxNObdzlZGOOey/m

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9349

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
