home

OfferBox.exe

OfferBox

Secure Digital Services Limited

The application OfferBox.exe by Secure Digital Services Limited has been detected as a potentially unwanted program by 2 anti-malware scanners. This file is typically installed with the program OfferBox by Aedge Performance which is a potentially unwanted software program. While running, it connects to the Internet address wo01.es2.aedn.eu on port 80 using the HTTP protocol.
Publisher:
Secure Digital Services  (signed by Secure Digital Services Limited)

Product:
OfferBox

Version:
1, 0, 3, 14

MD5:
15a930df3defb1ac927d63f1fc9942ba

SHA-1:
e5d2fa91b5a99e2d87d3678c8be092421789fcb8

SHA-256:
6cc982b4a11f2569b52174fd334e7a250400b043c8d9872b0c6ab1f6dbf18119

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 9:09:09 PM UTC  (today)

Scan engine
Detection
Engine version

Boost by Reason
Optional.SecureDigitalServices
188838

Reason Heuristics
PUP.OfferBox.SecureDigitalServices (M)
16.1.24.2

File size:
618.1 KB (632,976 bytes)

Product version:
1, 0, 3, 14

Copyright:
Copyright © 2009

Original file name:
OfferBox.exe

File type:
Executable application (Win32 EXE)

Language:
Espagnol (Espagne, alphabet international)

Common path:
C:\Program Files\offerbox\offerbox.exe

Digital Signature
Signed by:
Secure Digital Services Limited

Authority:
VeriSign, Inc.

Valid from:
11/16/2009 1:00:00 AM

Valid to:
11/17/2011 12:59:59 AM

Subject:
CN=Secure Digital Services Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Secure Digital Services Limited, L=Dublin, S=Dublin, C=IE

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3B62DC3672D1D2047D8974361B53ECE7

File PE Metadata
Compilation timestamp:
5/5/2010 5:18:27 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:f7DCu53DD4IYNHVRp30Iy0A8N/TkWS8xiK0h5A76xC58n4nonNnNn0ktv0:f7DCu59fIyH8N/jPxv8lC5K2

Entry address:
0x23A7E

Entry point:
E8, 2B, A7, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 55, 08, 53, 56, 57, 33, FF, 3B, D7, 74, 07, 8B, 5D, 0C, 3B, DF, 77, 1E, E8, 94, 00, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, BE, D4, FF, FF, 83, C4, 14, 8B, C6, 5F, 5E, 5B, 5D, C3, 8B, 75, 10, 3B, F7, 75, 07, 33, C0, 66, 89, 02, EB, D4, 8B, CA, 0F, B7, 06, 66, 89, 01, 41, 41, 46, 46, 66, 3B, C7, 74, 03, 4B, 75, EE, 33, C0, 3B, DF, 75, D3, 66, 89, 02, E8, 4B, 00, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, B3, 8B, FF, 55, 8B, EC, 8B, 45...
 
[+]

Code size:
227 KB (232,448 bytes)

The file OfferBox.exe has been discovered within the following program.

OfferBox  by Aedge Performance
Publisher's description - “The free and light OfferBox application, analyses keywords from the pages you are browsing, in real time, and displays only related and relevant offers you’re looking for whilst respecting your privacy. This is achieved through our efficient targeting technology.”
www.offerbox.com
64% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to wo01.es2.aedn.eu  (178.33.88.172:80)

TCP (HTTP):
Connects to wo02.es2.aedn.eu  (178.33.88.173:80)

Remove OfferBox.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.