home

wboosteri.exe

Windows Live Booster

IPO Communications

The application wboosteri.exe by IPO Communications has been detected as a potentially unwanted program by 14 anti-malware scanners.
Publisher:
IPO Communications  (signed and verified)

Product:
Windows Live Booster

Version:
1.1.0.1

MD5:
90a1f03c470f4ee768e46b3e48fb431b

SHA-1:
6d5d7a8004f701abbeb28d10111bca70490963aa

SHA-256:
f52f96f7471905aea853b2fa31f129d026f539ce6baae880ece66a6f9957a253

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 5:51:45 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.WindowsBooster
2015.03.12

AVG
Skodna.Generic
2016.0.2889

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
ApplicUnwnt
21378

Dr.Web
BackDoor.Ghost.176
9.0.1.0355

ESET NOD32
Win32/Adware.Kraddare.FN (variant)
9.11306

F-Prot
W32/Agent.KCZ
v6.4.7.1.166

Malwarebytes
Adware.KorAd
v2015.12.21.08

McAfee
Artemis!90A1F03C470F
5600.6545

Rising Antivirus
PE:Trojan.Win32.Generic.134DE016!323870742
23.00.65.151219

Trend Micro House Call
ADW_KRADDARE
7.2.355

Trend Micro
ADW_KRADDARE
10.465.21

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
38348

File size:
594.2 KB (608,424 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\kikidown\wboosteri.exe

Digital Signature
Signed by:
IPO Communications

Authority:
COMODO CA Limited

Valid from:
6/28/2012 8:00:00 PM

Valid to:
6/29/2013 7:59:59 PM

Subject:
CN=IPO Communications, O=IPO Communications, STREET="504 Freebero Officetel,15-14 Yeouido-dong", L=Yeongdeungpo-gu, S=Seoul, PostalCode=150010, C=KR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
073D112E1D1FEE4840ABCE47AAB412AE

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:Qc9QZs5yrwh2t7XjwOcJYa9LYlTIISID33:QMQZe2tfQYwqvDn

Entry address:
0x7C6D0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 28, C3, 47, 00, E8, F4, A0, F8, FF, A1, A4, F3, 47, 00, 8B, 00, E8, C0, C6, FD, FF, A1, A4, F3, 47, 00, 8B, 00, BA, 30, C7, 47, 00, E8, 97, C2, FD, FF, 8B, 0D, 44, F5, 47, 00, A1, A4, F3, 47, 00, 8B, 00, 8B, 15, 9C, B6, 47, 00, E8, AF, C6, FD, FF, A1, A4, F3, 47, 00, 8B, 00, E8, 23, C7, FD, FF, E8, 9E, 7C, F8, FF, 00, 00, FF, FF, FF, FF, 09, 00, 00, 00, 77, 62, 6F, 6F, 73, 74, 65, 72, 69, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.6076

Developed / compiled with:
Microsoft Visual C++

Code size:
494 KB (505,856 bytes)

Remove wboosteri.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.