» setup_gameboost.exe
Overview
Analysis
File Details
Programs (2)
Downloads (4)

setup_gameboost.exe

Toolwiz GameBoost FREE

XII CNC Inc.

The program is a setup application that uses the Inno Setup installer. This is installed with multiple programs including Toolwiz Time Freeze 2014 and Toolwiz BSafe. The file has been seen being downloaded from download.dogsoft.ru and multiple other hosts.

File name:

setup_gameboost.exe

Publisher:

Toolwiz (signed by XII CNC Inc.)

Product:

Toolwiz GameBoost FREE

Description:

Toolwiz GameBoost FREE Setup

Version:

1.3.0.0

MD5:

0f5ad540987384a44de57dd4cf47bc47

SHA-1:

a6521b65a56164aa8b224614832a0ac7d3c228bb

SHA-256:

e657f31b269b16766b348092c3a2bda14f054f456a23cec52d66e9ef2e7009fe

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/9/2024 5:44:25 PM UTC (today)

File size:

678.8 KB (695,080 bytes)

Product version:

1.3.0.0

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\setup_gameboost.exe

Digital Signature

Signed by:

XII CNC Inc.

Authority:

VeriSign, Inc.

Valid from:

7/31/2011 5:00:00 PM

Valid to:

8/30/2012 4:59:59 PM

Subject:

CN=XII CNC Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=XII CNC Inc., L=Anyang, S=Kyunggi, C=KR

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

6B01A485CA0C94226AA153DE1A468248

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:i203qxzC2fjGZpU6zbO+Yjn20HfZnEe7tfumZizbcjWci2w5wrvtZ:i206hBSfUvjn20/ZnE0tZGAj2w7

Entry address:

0x9B60

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 66, 95, FF, FF, E8, 6D, A7, FF, FF, E8, 98, C9, FF, FF, E8, DF, C9, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, 17, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, E0, A1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, C8, CF, FF, FF, 8B, 55, F0, B8, F0, CD, 40, 00, E8, 17, 96, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, F0, CD, 40, 00, B2, 01, B8... 
[+]

Entropy:

7.9634

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file setup_gameboost.exe has been discovered within the following programs.

Toolwiz BSafe by ToolWiz

www.Toolwiz.com

About 9% of users remove it

Toolwiz Time Freeze 2014 by ToolWiz

About 1% of users remove it

The file setup_gameboost.exe has been seen being distributed by the following 4 URLs.

http://download.dogsoft.ru/toolwiz_gameboost_1.3.exe

http://www.toolwiz.com/download.php?action=ToolwizGameBoost

http://www.toolwiz.com/.../Setup_GameBoost.exe

http://bcs.duapp.com/btowssoft/.../Setup_GameBoost.exe

Scan setup_gameboost.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.