home

Gamebox.exe

Gamebox

337 Technology Limited

The application Gamebox.exe by 337 Technology Limited has been detected as adware by 2 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Gamebox’. While running, it connects to the Internet address 187.59.4.75.static.host.gvt.net.br on port 80 using the HTTP protocol.
Publisher:
337 Technology Limited  (signed and verified)

Product:
Gamebox

Version:
1.0.21.17786

MD5:
429d451908113a01e652934e03726f97

SHA-1:
67294ee60d92ba3f876eb97699244cbb26772f46

SHA-256:
3880fce8beba0fa9ccb68b934a6baa3bd2349238dcb8c4cf54aba0f28ce3b304

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/24/2024 4:09:57 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.Elex
4.0.3.141027

Reason Heuristics
PUP.Startup.337TechnologyLimited.H
14.10.27.19

File size:
620.1 KB (634,976 bytes)

Product version:
1.0.21.17786

Copyright:
Copyright (c) 2011-2014 337 Technology Limited

Original file name:
Gamebox.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\gamebox\gamebox.exe

Digital Signature
Signed by:
337 Technology Limited

Authority:
GlobalSign nv-sa

Valid from:
6/25/2012 2:04:18 AM

Valid to:
6/26/2015 2:04:18 AM

Subject:
CN=337 Technology Limited, O=337 Technology Limited, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A511A565DC1022CCD7BA41E2E418FE65

File PE Metadata
Compilation timestamp:
10/23/2014 4:29:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:bHeXjDWp0P0dokya7Lms+YrIBMbKcx3Y+E2obr56L/GczHZ2mBGF:bH8DWp0P0CnmIUKcx3xzHZbBGF

Entry address:
0x4D4BC

Entry point:
E8, E0, 03, 00, 00, E9, 4C, FE, FF, FF, FF, 25, A0, 62, 45, 00, 55, 8B, EC, FF, 15, 24, 61, 45, 00, 6A, 01, A3, 1C, 66, 47, 00, E8, D1, 04, 00, 00, FF, 75, 08, E8, CF, 04, 00, 00, 83, 3D, 1C, 66, 47, 00, 00, 59, 59, 75, 08, 6A, 01, E8, B7, 04, 00, 00, 59, 68, 09, 04, 00, C0, E8, B8, 04, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 43, 14, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 00, 64, 47, 00, 89, 0D, FC, 63, 47, 00, 89, 15, F8, 63, 47, 00, 89, 1D, F4, 63, 47, 00, 89, 35, F0...
 
[+]

Entropy:
5.9059

Code size:
338 KB (346,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Gamebox

Command:
"C:\users\{user}\appdata\roaming\gamebox\gamebox.exe" 0


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 187.59.4.81.static.host.gvt.net.br  (187.59.4.81:80)

TCP (HTTP):
Connects to 187.59.4.75.static.host.gvt.net.br  (187.59.4.75:80)

TCP (HTTP):
Connects to dc.82.adb8.ip4.static.sl-reverse.com  (184.173.130.220:80)

TCP (HTTP):
Connects to c2.fb.c1ad.ip4.static.sl-reverse.com  (173.193.251.194:80)

TCP (HTTP):
Connects to d8.e2.1632.ip4.static.sl-reverse.com  (50.22.226.216:80)

TCP (HTTP):
Connects to 187.59.4.89.static.host.gvt.net.br  (187.59.4.89:80)

Remove Gamebox.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.