offerbox.exe

OfferBox

Aedge Performance BCN, S.L.U.

The application offerbox.exe by Aedge Performance BCN, S.L.U has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘offerbox’. This file is typically installed with the program OfferBox by Aedge Performance BCN SL which is a potentially unwanted software program. While running, it connects to the Internet address wo02.es2.aedn.eu on port 80 using the HTTP protocol.
Publisher:
Aedge Performance BCN SL  (signed by Aedge Performance BCN, S.L.U.)

Product:
OfferBox

Version:
8, 1, 6045, 468

MD5:
df45594cbd8fe78c46dfb15c4e134bd0

SHA-1:
652e531bac20db40f46166863829aaa6ff91eed1

SHA-256:
67fa81e35919c2f4718575738393d601bcfa250833b868c35485fc85b2cb7d74

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
6/20/2018 1:12:20 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Startup.Adedge
15.3.1.15

File size:
8.2 MB (8,627,008 bytes)

Product version:
8, 1, 6045, 468

Copyright:
Copyright © 2009

File type:
Executable application (Win32 EXE)

Language:
Spanish

Common path:
C:\Program Files\offerbox\offerbox.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/25/2012 2:00:00 AM

Valid to:
6/22/2013 1:59:59 AM

Subject:
CN="Aedge Performance BCN, S.L.U.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Aedge Performance BCN, S.L.U.", L=BARCELONA, S=CATALUNYA, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5D6D2F7CC0B7C31DA645A5A1A2078139

File PE Metadata
Compilation timestamp:
6/20/2013 8:34:09 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:m4FrVCepuHOgLWXW8xmVQOA1P96VuX7Xv8CAaxaysxPYUsTJFLPMtLMp1IxJOuDJ:mAp/RmomVLk5X74wl5MfeUm0GxM/

Entry address:
0x5A4E0F

Entry point:
E8, C3, 24, 01, 00, E9, 79, FE, FF, FF, 85, C0, 74, 0D, 33, C9, 85, C0, 0F, 9F, C1, 8D, 4C, 09, FF, 8B, C1, C3, 0F, B6, 00, 0F, B6, 09, 2B, C1, 74, 0D, 33, C9, 85, C0, 0F, 9F, C1, 8D, 4C, 09, FF, 8B, C1, C3, 66, 8B, 06, 66, 3B, 01, 74, 35, 0F, B6, 11, 0F, B6, C0, 2B, C2, 74, 11, 33, D2, 85, C0, 0F, 9F, C2, 8D, 54, 12, FF, 8B, C2, 85, C0, 75, 1C, 0F, B6, 46, 01, 0F, B6, 49, 01, 2B, C1, 74, 10, 33, C9, 85, C0, 0F, 9F, C1, 8D, 4C, 09, FF, 8B, C1, C3, 33, C0, C3, 8B, 06, 3B, 01, 74, 6F, 0F, B6, 11, 0F, B6, C0...
 
[+]

Code size:
6.3 MB (6,598,656 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
offerbox

Command:
C:\Program Files\offerbox\offerbox.exe


The file offerbox.exe has been discovered within the following programs.

OfferBox  by Aedge Performance BCN SL
It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine).
www.offerbox.com
71% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to wo02.es2.aedn.eu  (178.33.88.173:80)

TCP (HTTP):
Connects to wo01.es2.aedn.eu  (178.33.88.172:80)

TCP (HTTP):
Connects to w07.es2.aedn.eu  (178.33.88.177:80)

TCP (HTTP):
Connects to w01.es2.aedn.eu  (178.33.88.171:80)

TCP (HTTP):
Connects to w08.es2.aedn.eu  (178.33.88.178:80)

TCP (HTTP):
Connects to w05.es2.aedn.eu  (178.33.88.175:80)

TCP (HTTP):
Connects to w04.es2.aedn.eu  (178.33.88.174:80)

Remove offerbox.exe - Powered by Reason Core Security