boxrock.expext.exe

Box Rock

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application boxrock.expext.exe by Box Rock has been detected as adware by 16 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Box Rock  (signed and verified)

Version:
1.0.5442.37494

MD5:
8f7968433358066d3b1b83755b254292

SHA-1:
fdb50b166fbae49e4cc76202e2289419e898ba47

SHA-256:
68443a97a678d0aa4a23eb5c5a72242e4131add002a5fef394554b7e190f9c50

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 2:39:39 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.SwiftBrowse.CN | 796 |
| AhnLab V3 Security | Win-PUP/BrowseFox.Gen | 2014.11.28 |
| AVG | Generic | 2015.0.3275 |
| Baidu Antivirus | Adware.Win64.BrowseFox | 4.0.3.141130 |
| Bitdefender | Adware.SwiftBrowse.CN | 1.0.20.1670 |
| Emsisoft Anti-Malware | Adware.SwiftBrowse.CN | 8.14.11.30.11 |
| ESET NOD32 | Win64/BrowseFox.G potentially unwanted application | 8.7.0.302.0 |
| F-Secure | Adware.SwiftBrowse.CN | 11.2014-30-11_1 |
| G Data | Adware.SwiftBrowse.CN | 14.11.24 |
| IKARUS anti.virus | PUA.BrowseFox | t3scan.1.8.3.0 |
| K7 AntiVirus | Trojan | 13.186.14161 |
| MicroWorld eScan | Adware.SwiftBrowse.CN | 15.0.0.1002 |
| nProtect | Adware.SwiftBrowse.CN | 14.11.27.01 |
| Reason Heuristics | PUP.BoxRock.N | 14.11.30.9 |
| Sophos | Browse Fox | 4.98 |
| VIPRE Antivirus | Threat.4741131 | 35088 |

File size:
99.2 KB (101,608 bytes)

Product version:
1.0.5442.37494

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\box rock\bin\boxrock.expext.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/7/2014 2:00:00 AM

Valid to:
10/3/2015 1:59:59 AM

Subject:
CN=Box Rock, O=Box Rock, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1125198B1C5DF8CC1185255178F1DAFC

File PE Metadata
Compilation timestamp:
11/29/2014 8:08:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:bt61kXRIHyUGORfPgEWGnadKCxHWPWK6dH0kxYnMBh4uTmQpgMREtu:cIRI9GK7YxHW+K6/1WQpgyEtu

Entry address:
0x561E

Entry point:
E8, AB, 3C, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 64, 7F, 41, 00, FF, 15, 4C, 20, 41, 00, 85, C0, 75, 18, 56, E8, 2F, 08, 00, 00, 8B, F0, FF, 15, 68, 20, 41, 00, 50, E8, DF, 07, 00, 00, 59, 89, 06, 5E, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, C0, 91, 41, 00, 00, 74, 05, E9, CD, 3C, 00, 00, 57, 8B...
 

Code size:
65.5 KB (67,072 bytes)
