
Auslogics.BoostSpeed-13.0.0.6.exe Trojan Agent Analysis

Technical Analysis

File Name Auslogics.BoostSpeed-13.0.0.6.exe
File Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Scanner Version 1.0.172.174
Database Version 2024-04-25 04:00:32 UTC

Trojan.Win32.Agent.sa

Malware family: Agent

Trojan Agent malware disguises itself as legitimate software while performing unauthorized activities including data theft and providing remote system access to threat actors.
Detection Rate N/A
File Size (bytes) 58,774,849
Analysis Date 2024-04-25


File Identification

Hash Type Value
MD5 9bef135095a475415447bbd994b5d43c
SHA1 3219eb40594ba47efc7623512db0d00d4af9473c
SHA256 6550abea0463ed234e8c37b90f6d3519219a06dfa7b8f46b22a58409cba84212
SHA512 0ba02c17fd24c8f9792c42d6fea89bd1a1aa4f641bd785be311bfc128eeab7f4cfb1e112b3b892ad5349c53c2240cc04a89bee7ad6b33a128dfc5717dfcea42c
ImpHash a5ccbfcd83fd3dfbde6360afc0b9086f

PE Analysis

Basic Information

Icon
Hash: c78fe5666ebd8586b2e6854e2deef2bb
Fuzzy: d5a66db0a8bc799994602e46fb57733e
dHash: 4db269c4d44d61b2
Image Base 0x00400000
Entry Point 0x0040395d
Compilation Time 2019-06-26 07:47:16
Checksum 0x00000000 (Actual: 0x03818cdd)
OS Version 5.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Digital Signature The PE file does not contain a certificate table.
Imports 7 libraries (KERNEL32, USER32, GDI32, SHELL32, ADVAPI32, COMCTL32, ole32)
Exports 0 functions
Resources 18 Resources
Sections 5 Sections

Version Information

CompanyName diakov.net
FileDescription Auslogics BoostSpeed 13.0.0.6
FileVersion 13.0.0.6
Translation 0x0419 0x04e3

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 28,045 bytes 28,160 bytes 6.53 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 328B29FE9C45AD2F92A7D68D126B6A4C
.rdata 0x00008000 6,282 bytes 6,656 bytes 4.86 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 703CD9173DD02AB823C07C3508344789
.data 0x0000a000 196,156 bytes 512 bytes 1.63 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE CA2D2FA5BD40C088F104D1CCF862CE81
.ndata 0x0003a000 192,512 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rsrc 0x00069000 392,640 bytes 392,704 bytes 6.41 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ BA88EE6A8101943E4961A239565DACE5
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 18 (391,627 bytes)
Resource Type Count Total Size Percentage
RT_ICON 11 388,672 bytes 99.2%
RT_DIALOG 4 1,286 bytes 0.3%
RT_GROUP_ICON 1 160 bytes 0%
RT_VERSION 1 428 bytes 0.1%
RT_MANIFEST 1 1,081 bytes 0.3%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Win32.Agent.sa Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win32.Agent.sa without requiring further user intervention.


Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
