offerboxhttpproxy.exe

OfferBoxHTTPProxy

Aedge Performance BCN, S.L.U.

The application offerboxhttpproxy.exe by Aedge Performance BCN, S.L.U has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 56847 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program OfferBox by Aedge Performance BCN SL which is a potentially unwanted software program.
Publisher:
Aedge Performance BCN SL  (signed by Aedge Performance BCN, S.L.U.)

Product:
OfferBoxHTTPProxy

Version:
5, 5, 5491, 415

MD5:
324e74c28366468c9cd5ced899c1ee12

SHA-1:
fae497a7cadf0991cd721dc9afbb668185365c8a

SHA-256:
a1daf6cd83eec357b6cb843b0af9d6b74c2bc07c45b47c94ce5be05f9cef96bd

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
8/17/2018 2:29:27 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Adedge
15.3.1.15

File size:
173.4 KB (177,512 bytes)

Product version:
5, 5, 5491, 415

Copyright:
Copyright © 2011

File type:
Executable application (Win32 EXE)

Language:
Spanish

Common path:
C:\Program Files\offerbox\offerboxhttpproxy.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/16/2011 2:00:00 AM

Valid to:
6/16/2012 1:59:59 AM

Subject:
CN="Aedge Performance BCN, S.L.U.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Aedge Performance BCN, S.L.U.", L=BARCELONA, S=CATALUNYA, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
061F16F7D5994D184FAEB300004B0693

File PE Metadata
Compilation timestamp:
3/6/2012 3:33:09 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:d7S+UNH8CMjxIqgkWnS23JvXjPCdovzeQ12+lo/V8XtzX:2NrGIqpW7JvTPCeS8tX

Entry address:
0xD350

Entry point:
E8, A0, 5A, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 0C, 75, 1D, E8, 52, 0F, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, D5, 02, 00, 00, 83, C4, 14, 83, C8, FF, EB, 4D, 8B, 45, 08, 3B, C3, 74, DC, 56, 89, 45, E8, 89, 45, E0, 8D, 45, 10, 50, 53, FF, 75, 0C, 8D, 45, E0, 50, C7, 45, E4, FF, FF, FF, 7F, C7, 45, EC, 42, 00, 00, 00, E8, E1, 5C, 00, 00, 83, C4, 10, FF, 4D, E4, 8B, F0, 78, 07, 8B, 45, E0, 88, 18, EB, 0C, 8D, 45, E0, 50, 53, E8, BC, 5A, 00, 00, 59...
 
[+]

Code size:
129.5 KB (132,608 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:56847/

Local host port:
56847

Default credentials:
No


The file offerboxhttpproxy.exe has been discovered within the following program.

OfferBox  by Aedge Performance BCN SL
It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine).
www.offerbox.com
71% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to wo01.es2.aedn.eu  (178.33.88.172:80)

TCP (HTTP):
Connects to wo02.es2.aedn.eu  (178.33.88.173:80)

TCP (HTTP SSL):
Connects to ec2-52-73-109-231.compute-1.amazonaws.com  (52.73.109.231:443)

TCP (HTTP SSL):
Connects to d.v.dropbox.com  (108.160.172.193:443)

TCP (HTTP):
Connects to a96-7-59-102.deploy.akamaitechnologies.com  (96.7.59.102:80)

TCP (HTTP):
Connects to a95-101-34-89.deploy.akamaitechnologies.com  (95.101.34.89:80)

TCP (HTTP):
Connects to a95-101-34-81.deploy.akamaitechnologies.com  (95.101.34.81:80)

TCP (HTTP):
Connects to a92-123-180-145.deploy.akamaitechnologies.com  (92.123.180.145:80)

TCP (HTTP):
Connects to websn2s112.aruba.it  (31.11.33.122:80)

TCP (HTTP):
Connects to visicom-101.nationalnet.com  (69.50.130.31:80)

TCP (HTTP):
Connects to rtr3.l7.search.vip.ir2.yahoo.com  (217.12.15.96:80)

TCP (HTTP):
Connects to origin-thumbs.g.ebay.com  (66.135.217.107:80)

TCP (HTTP):
Connects to ip228.ip-151-80-180.eu  (151.80.180.228:80)

TCP (HTTP):
Connects to ec2-54-225-67-191.compute-1.amazonaws.com  (54.225.67.191:80)

TCP (HTTP):
Connects to ec2-54-225-182-66.compute-1.amazonaws.com  (54.225.182.66:80)

TCP (HTTP):
Connects to ec2-54-221-252-20.compute-1.amazonaws.com  (54.221.252.20:80)

TCP (HTTP SSL):
Connects to ec2-52-7-213-116.compute-1.amazonaws.com  (52.7.213.116:443)

TCP (HTTP SSL):
Connects to ec2-52-6-82-78.compute-1.amazonaws.com  (52.6.82.78:443)

TCP (HTTP SSL):
Connects to ec2-52-54-220-173.compute-1.amazonaws.com  (52.54.220.173:443)

TCP (HTTP):
Connects to e2.ycpi.vip.lob.yahoo.com  (87.248.114.12:80)

Remove offerboxhttpproxy.exe - Powered by Reason Core Security