OfferBox.exe

OfferBox

Secure Digital Services Limited

The application OfferBox.exe by Secure Digital Services Limited has been detected as a potentially unwanted program by 4 anti-malware scanners. This file is typically installed with the program OfferBox by Aedge Performance which is a potentially unwanted software program. While running, it connects to the Internet address wo02.es2.aedn.eu on port 80 using the HTTP protocol.
Publisher:
Secure Digital Services  (signed by Secure Digital Services Limited)

Product:
OfferBox

Version:
1, 0, 0, 13

MD5:
0fd3f93e58134bc64259988175dd1e3d

SHA-1:
db2f6e542b63742fd342abffa24a20ad65586edc

SHA-256:
e0ca0204581f3cbc50c967201458d863b5e49938348e73c24e21509c3a801c83

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
8/16/2018 9:09:41 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.OfferBox | 4.0.3.14627
Boost by Reason | Optional.SecureDigitalServices | 188838
ESET NOD32 | Win32/AdWare.OfferBox (variant) | 8.9588
Reason Heuristics | PUP.SecureDigitalServices | 15.4.24.0

File size:
617.6 KB (632,464 bytes)

Product version:
1, 0, 0, 13

Copyright:
Copyright © 2009

Original file name:
OfferBox.exe

File type:
Executable application (Win32 EXE)

Language:
Spanish

Common path:
C:\Program Files\offerbox\offerbox.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/16/2009 1:00:00 AM

Valid to:
11/17/2011 12:59:59 AM

Subject:
CN=Secure Digital Services Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Secure Digital Services Limited, L=Dublin, S=Dublin, C=IE

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3B62DC3672D1D2047D8974361B53ECE7

File PE Metadata
Compilation timestamp:
3/23/2010 9:46:10 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:emmXVY+GQU5rvPrkWnU+lzh6yfkGs3zkWn3xYuN99C58n4nonNnNn0Etvc:edXVY/QY6y8Gs3r3xX9C5+S

Entry address:
0x2388E

Entry point:
E8, 2B, A7, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 55, 08, 53, 56, 57, 33, FF, 3B, D7, 74, 07, 8B, 5D, 0C, 3B, DF, 77, 1E, E8, 94, 00, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, BE, D4, FF, FF, 83, C4, 14, 8B, C6, 5F, 5E, 5B, 5D, C3, 8B, 75, 10, 3B, F7, 75, 07, 33, C0, 66, 89, 02, EB, D4, 8B, CA, 0F, B7, 06, 66, 89, 01, 41, 41, 46, 46, 66, 3B, C7, 74, 03, 4B, 75, EE, 33, C0, 3B, DF, 75, D3, 66, 89, 02, E8, 4B, 00, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, B3, 8B, FF, 55, 8B, EC, 8B, 45...
 

Code size:
226.5 KB (231,936 bytes)

The file OfferBox.exe has been discovered within the following program.

OfferBox  by Aedge Performance
Publisher's description - “The free and light OfferBox application, analyses keywords from the pages you are browsing, in real time, and displays only related and relevant offers you’re looking for whilst respecting your privacy. This is achieved through our efficient targeting technology.”
www.offerbox.com
64% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to wo01.es2.aedn.eu  (178.33.88.172:80)

TCP (HTTP):
Connects to wo02.es2.aedn.eu  (178.33.88.173:80)
