utorrentturbobooster_installer.exe

Turbo Booster for uTorrent

Hipgnosis Vision

The application utorrentturbobooster_installer.exe by Hipgnosis Vision has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from the user's temporary directory. The file has been observed being downloaded from dhb2v6uqym5lb.cloudfront.net.
Publisher:
DownloadBoosters LLC  (signed by Hipgnosis Vision)

Product:
Turbo Booster for uTorrent

Version:
5.4.0.0

MD5:
d1929258d0c8efc60b4fa085600fc239

SHA-1:
ea60e08ec0c493802843cc8fa5ff017255c292e1

SHA-256:
1c1fa342837e43e16c019cd1e83536260285468ea987cb856f84afe9a99e44b6

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
5/7/2024 10:40:52 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | Win-PUP/Adload | 2015.10.15 |
| AVG | Generic | 2016.0.2946 |
| Baidu Antivirus | PUA.Win32.DownWare | 4.0.3.151024 |
| Bkav FE | W32.HfsAdware | 1.3.0.7237 |
| Dr.Web | Program.Unwanted.362 | 9.0.1.0297 |
| ESET NOD32 | Win32/DownWare.L potentially unwanted | 9.12409 |
| Fortinet FortiGate | Riskware/Agent | 10/24/2015 |
| G Data | Win32.Trojan.Agent.FDHUIL | 15.10.25 |
| K7 AntiVirus | Unwanted-Program | 13.210.17539 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.1227 |
| Reason Heuristics | PUP.HipgnosisVision.Installer (M) | 15.10.24.15 |
| Sophos | Generic PUA OK (PUA) | 4.98 |
| VIPRE Antivirus | Trojan-Downloader.Win32.Agent | 44534 |
| ViRobot | Adware.Agent.2043080[h] | 2014.3.20.0 |
| Zillya! Antivirus | Downloader.Agent.Win32.228288 | 2.0.0.2447 |

File size:
1.9 MB (2,043,080 bytes)

Copyright:
© DownloadBoosters LLC

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\utorrentturbobooster_installer.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/16/2015 5:30:00 AM

Valid to:
4/17/2016 5:29:59 AM

Subject:
CN=Hipgnosis Vision, O=Hipgnosis Vision, L=Craiova, S=Dolj, C=RO

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
74CB8A9F6210A537EAE293153461ED0C

File PE Metadata
Compilation timestamp:
2/25/2012 12:49:59 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:T1XhLrWkSzDyjbQ4IFVzCMR+MYZGjv6X0NRUaYjRjQy:ZhLrWkS6jiRrQJuRUl+y

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 

Entropy:
7.9816

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file utorrentturbobooster_installer.exe has been seen being distributed by the following URL.
