» offerboxhttpproxy.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (17)

offerboxhttpproxy.exe

OfferBoxHTTPProxy

Aedge Performance BCN, S.L.U.

The application offerboxhttpproxy.exe by Aedge Performance BCN, S.L.U has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 56847 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program OfferBox by Aedge Performance BCN SL which is a potentially unwanted software program.

File name:

Publisher:

Aedge Performance BCN SL (signed by Aedge Performance BCN, S.L.U.)

Product:

OfferBoxHTTPProxy

Version:

5, 4, 5121, 222

MD5:

cb2ccb97d236436ed2b0025736492afb

SHA-1:

2fcad3bfa3ab9a75b122846173368224d31f7f3e

SHA-256:

cba0b873307a03278ee3d07e0ed5e89f419ab59ba6422d21b9dbb1d4724c97ca

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/19/2024 10:18:05 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Adedge.AedgePerformanceBCNU

15.5.19.7

File size:

171.9 KB (175,976 bytes)

Product version:

5, 4, 5121, 222

File type:

Executable application (Win32 EXE)

Language:

Spagnolo (Spagna, ordinamento internazionale)

Common path:

C:\Program Files\offerbox\offerboxhttpproxy.exe

Digital Signature

Signed by:

Aedge Performance BCN, S.L.U.

Authority:

VeriSign, Inc.

Valid from:

6/16/2011 2:00:00 AM

Valid to:

6/16/2012 1:59:59 AM

Subject:

CN="Aedge Performance BCN, S.L.U.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Aedge Performance BCN, S.L.U.", L=BARCELONA, S=CATALUNYA, C=ES

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

061F16F7D5994D184FAEB300004B0693

File PE Metadata

Compilation timestamp:

1/16/2012 5:15:19 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:e89h7yEPYij04ds3+w4fRjkNvTwfyf4ZTKiPn/VJF3tI6:bZd24COwKkNvEfyQrlJpF

Entry address:

0xD126

Entry point:

E8, 9A, 5A, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 0C, 75, 1D, E8, 4C, 0F, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, CF, 02, 00, 00, 83, C4, 14, 83, C8, FF, EB, 4D, 8B, 45, 08, 3B, C3, 74, DC, 56, 89, 45, E8, 89, 45, E0, 8D, 45, 10, 50, 53, FF, 75, 0C, 8D, 45, E0, 50, C7, 45, E4, FF, FF, FF, 7F, C7, 45, EC, 42, 00, 00, 00, E8, DB, 5C, 00, 00, 83, C4, 10, FF, 4D, E4, 8B, F0, 78, 07, 8B, 45, E0, 88, 18, EB, 0C, 8D, 45, E0, 50, 53, E8, B6, 5A, 00, 00, 59... 
[+]

Code size:

129 KB (132,096 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:56847/

Local host port:

56847

Default credentials:

The file offerboxhttpproxy.exe has been discovered within the following program.

OfferBox by Aedge Performance BCN SL

It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine).

www.offerbox.com

71% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to 51.208.106.212.static.jazztel.es (212.106.208.51:80)

TCP (HTTP):

Connects to wo02.es2.aedn.eu (178.33.88.173:80)

TCP (HTTP):

Connects to wo01.es2.aedn.eu (178.33.88.172:80)

TCP (HTTP SSL):

Connects to ec2-54-85-176-188.compute-1.amazonaws.com (54.85.176.188:443)

TCP (HTTP SSL):

Connects to ec2-52-6-82-78.compute-1.amazonaws.com (52.6.82.78:443)

TCP (HTTP SSL):

Connects to d.v.dropbox.com (108.160.172.225:443)

TCP (HTTP SSL):

Connects to client.v.dropbox.com (108.160.172.204:443)

TCP (HTTP):

Connects to 91.219.106.212.static.jazztel.es (212.106.219.91:80)

TCP (HTTP):

Connects to r-1.mailjet.com (5.196.44.187:80)

TCP (HTTP):

Connects to nl.redir.opera.com (82.145.215.91:80)

TCP (HTTP):

Connects to md5.hackerwatch.org (161.69.13.35:80)

TCP (HTTP):

Connects to ec2-54-235-182-183.compute-1.amazonaws.com (54.235.182.183:80)

TCP (HTTP):

Connects to ec2-54-154-109-8.eu-west-1.compute.amazonaws.com (54.154.109.8:80)

TCP (HTTP):

Connects to ec2-52-50-196-247.eu-west-1.compute.amazonaws.com (52.50.196.247:80)

TCP (HTTP):

Connects to ec2-52-30-226-196.eu-west-1.compute.amazonaws.com (52.30.226.196:80)

TCP (HTTP):

Connects to a23-200-86-145.deploy.static.akamaitechnologies.com (23.200.86.145:80)

TCP (HTTP):

Connects to a104-93-250-224.deploy.static.akamaitechnologies.com (104.93.250.224:80)

Remove offerboxhttpproxy.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.