AdvanceBox.exe

AdvanceBox

The executable AdvanceBox.exe has been detected as malware by 13 anti-virus scanners. While running, it connects to the Internet address 45-125-194-210.ip4.readyserver.sg on port 443.
Product:
AdvanceBox

Version:
11.0.7.0

MD5:
6b48964bed8aa7b2c6a945288f2ad24c

SHA-1:
666ae06af8ee7323386cfc5a8b95bb3d8c52593d

SHA-256:
9f7e1ec8c538091a961249d8c7c0f781f920e8b1fd8c6bc45cf5d548c1046728

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
12/26/2024 1:44:11 PM UTC

Scan engine              Detection                                     Engine version
AVG                      Generic11_c                                   2016.0.3201
Baidu Antivirus          Hacktool.Win32.Themida                        4.0.3.15212
Comodo Security          UnclassifiedMalware                           21019
ESET NOD32               Win32/Packed.Themida suspicious application   8.0.319.0
Fortinet FortiGate       PossibleThreat                                2/12/2015
K7 AntiVirus             Trojan                                        13.194.14904
McAfee                   Artemis!6B48964BED8A                          5600.6857
Norman                   Troj_Generic.WLAPM                            11.20150212
Sophos                   Generic PUA GG                                4.98
Trend Micro House Call   TROJ_GEN.R047C0EKT14                          7.2.43
Trend Micro              TROJ_GEN.R047C0EKT14                          10.465.12
VIPRE Antivirus          Trojan.Win32.Generic                          37400
ViRobot                  Trojan.Win32.S.Agent.5601280.A[h]             2014.3.20.0

File size:
5.3 MB (5,601,280 bytes)

Product version:
11.70

Copyright:
AdvanceBox

Trademarks:
AdvanceBox Turbo Flasher

Original file name:
AdvanceBox.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata

Compilation timestamp:
9/30/2014 5:25:48 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:uGfvdEUPwxS+DhR6mMi7zt+gSwa2W/ywNJaQNYjnZjq6IN2DyrkAx:usvdlwxS+uy7ztXSwaKMJaQKzZjq6IN3

Entry address:
0x1217000

Entry point:
56, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 20, 1C, 00, 2D, 00, 82, 0C, 10, 05, F7, 81, 0C, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 13, 85, 1D, 7E, 68, B8, D9, 84, 17, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 10, D7, 02, EE, 15, BC, F5, 79, 4E, 76, F6, CF, 77, 67, E1, 68...

Entropy:
7.9883  (probably packed)

Code size:
7.8 MB (8,155,136 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 1b.2d.78ae.static.theplanet.com  (174.120.45.27:80)

TCP (HTTP):
Connects to 45-125-194-210.ip4.readyserver.sg  (45.125.194.210:80)

TCP (HTTP SSL):
Connects to 1c.2d.78ae.static.theplanet.com  (174.120.45.28:443)

TCP (HTTP SSL):
Connects to a23-50-181-33.deploy.static.akamaitechnologies.com  (23.50.181.33:443)

TCP (HTTP SSL):
Connects to a23-219-134-93.deploy.static.akamaitechnologies.com  (23.219.134.93:443)

TCP (HTTP SSL):
Connects to a184-87-26-202.deploy.static.akamaitechnologies.com  (184.87.26.202:443)

TCP (HTTP):
Connects to 125.235.4.59.adsl.viettel.vn  (125.235.4.59:80)

TCP (HTTP):
Connects to static.7.18.201.138.clients.your-server.de  (138.201.18.7:80)

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

TCP (HTTP SSL):
Connects to a95-100-21-238.deploy.akamaitechnologies.com  (95.100.21.238:443)

TCP (HTTP SSL):
Connects to a23-9-201-8.deploy.static.akamaitechnologies.com  (23.9.201.8:443)

TCP (HTTP SSL):
Connects to a23-53-208-174.deploy.static.akamaitechnologies.com  (23.53.208.174:443)

TCP (HTTP SSL):
Connects to a23-35-214-235.deploy.static.akamaitechnologies.com  (23.35.214.235:443)

TCP (HTTP SSL):
Connects to a104-93-107-122.deploy.static.akamaitechnologies.com  (104.93.107.122:443)

TCP (HTTP SSL):
Connects to a104-117-130-64.deploy.static.akamaitechnologies.com  (104.117.130.64:443)

Remove AdvanceBox.exe - Powered by Reason Core Security