offerboxhttpproxy.exe

OfferBoxHTTPProxy

Aedge Performance BCN, S.L.U.

The application offerboxhttpproxy.exe by Aedge Performance BCN, S.L.U has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 56847 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Publisher:
Aedge Performance BCN SL  (signed by Aedge Performance BCN, S.L.U.)

Product:
OfferBoxHTTPProxy

Version:
5, 5, 5288, 405

MD5:
19e3f9fd4ea2a617cf3aaeca627f47ec

SHA-1:
204e3acf66ab5abcb895035aae07730295d5f414

SHA-256:
7ca6077539d3d906ce6d4813adbd06debc012ad0a5f0fd0c4c10d2fe78d32984

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
8/21/2018 12:58:35 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Adedge (M)
16.9.26.21

File size:
173.4 KB (177,512 bytes)

Product version:
5, 5, 5288, 405

Copyright:
Copyright © 2011

File type:
Executable application (Win32 EXE)

Language:
Spanish

Common path:
C:\Program Files\offerbox\offerboxhttpproxy.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/16/2011 2:00:00 AM

Valid to:
6/16/2012 1:59:59 AM

Subject:
CN="Aedge Performance BCN, S.L.U.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Aedge Performance BCN, S.L.U.", L=BARCELONA, S=CATALUNYA, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
061F16F7D5994D184FAEB300004B0693

File PE Metadata
Compilation timestamp:
2/2/2012 5:58:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:dHS+UNH8CMjxIqgkWnS23JvXjPCdovzeQ52Zlo/ViygzX:KNrGIqpW7JvTPCe9ixX

Entry address:
0xD350

Entry point:
E8, A0, 5A, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 0C, 75, 1D, E8, 52, 0F, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, D5, 02, 00, 00, 83, C4, 14, 83, C8, FF, EB, 4D, 8B, 45, 08, 3B, C3, 74, DC, 56, 89, 45, E8, 89, 45, E0, 8D, 45, 10, 50, 53, FF, 75, 0C, 8D, 45, E0, 50, C7, 45, E4, FF, FF, FF, 7F, C7, 45, EC, 42, 00, 00, 00, E8, E1, 5C, 00, 00, 83, C4, 10, FF, 4D, E4, 8B, F0, 78, 07, 8B, 45, E0, 88, 18, EB, 0C, 8D, 45, E0, 50, 53, E8, BC, 5A, 00, 00, 59...
 
[+]

Code size:
129.5 KB (132,608 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:56847/

Local host port:
56847

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a104-121-2-177.deploy.static.akamaitechnologies.com  (104.121.2.177:80)

TCP (HTTP):
Connects to wo02.es2.aedn.eu  (178.33.88.173:80)

TCP (HTTP):
Connects to wo01.es2.aedn.eu  (178.33.88.172:80)

TCP (HTTP SSL):
Connects to ec2-52-6-82-78.compute-1.amazonaws.com  (52.6.82.78:443)

TCP (HTTP):
Connects to n1plpkivs-v01.any.prod.ams1.secureserver.net  (188.121.36.237:80)

TCP (HTTP SSL):
Connects to ec2-52-72-157-241.compute-1.amazonaws.com  (52.72.157.241:443)

TCP (HTTP):
Connects to cdn-87-248-221-254.par.llnw.net  (87.248.221.254:80)

TCP (HTTP):

Remove offerboxhttpproxy.exe - Powered by Reason Core Security