AdvanceBox.exe

AdvanceBox

The executable AdvanceBox.exe has been detected as malware by 8 anti-virus scanners. While running, it connects to the Internet address 45-125-194-210.ip4.readyserver.sg on port 80 using the HTTP protocol.
Product:
AdvanceBox

Version:
12.0.4.0

MD5:
e305c90f2db2ee90173b483493fb449b

SHA-1:
919e944e2484590dd199dadc6d947d5427bfe108

SHA-256:
0bd6ddd5866014a7ded2332c7620c158c6744a7e4feb7e654fb0021574879c18

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
12/26/2024 1:42:32 PM UTC

Scan engine             Detection                                         Engine version
avast!                  Win32:Malware-gen                                 2014.9-150830
Baidu Antivirus         Hacktool.Win32.Packed.Themida                     4.0.3.15830
Bkav FE                 HW32.Packed                                       1.3.0.6979
ESET NOD32              Win32/Packed.Themida suspicious application       7.0.302.0
Fortinet FortiGate      PossibleThreat                                    8/30/2015
Qihoo 360 Security      HEUR/QVM19.1.Malware.Gen                          1.0.0.1015
Sophos                  Generic PUA JB (PUA)                              4.98
VIPRE Antivirus         Backdoor.Graybird                                 43294

File size:
6.8 MB (7,172,608 bytes)

Product version:
12.40

Copyright:
AdvanceBox

Trademarks:
AdvanceBox Turbo Flasher

Original file name:
AdvanceBox.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
7/30/2015 9:47:27 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:A4TbbRr6p7GaNtGhlMGkAAVZ3ZGOSgKM4Vm+udA7jgNh:jTF6p7RGhlMhA4ROz/UdA7j

Entry address:
0x165D000

Entry point:
EB, 08, 0F, 50, 6D, 00, 00, 00, 00, 00, E9, 00, 20, 00, 00, 54, 41, 47, 47, 00, 20, 00, 00, B3, 1B, 00, 00, 01, 00, 30, 82, 1B, AF, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 02, A0, 82, 1B, A0, 30, 82, 1B, 9C, 02, 01, 01, 31, 09, 30, 07, 06, 05, 2B, 0E, 03, 02, 1A, 30, 82, 0F, 21, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 01, A0, 82, 0F, 12, 04, 82, 0F, 0E, D0, 00, 01, 00, 01, C1, B1, A1, 02, 00, 03, 00, 04, 00, 00, 00, 26, 00, 00, 00, 01, 00, 24, 75, BA, DF, 71, E1, F6, 95, D4, 6C, CA, D0, F4, 3B, C1, B9, 3A...

Code size:
8.8 MB (9,273,856 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 1b.2d.78ae.static.theplanet.com  (174.120.45.27:80)

TCP (HTTP):
Connects to 45-125-194-210.ip4.readyserver.sg  (45.125.194.210:80)

TCP (HTTP SSL):
Connects to a104-93-107-122.deploy.static.akamaitechnologies.com  (104.93.107.122:443)

TCP (HTTP SSL):
Connects to a23-219-134-93.deploy.static.akamaitechnologies.com  (23.219.134.93:443)

TCP (HTTP SSL):
Connects to a104-108-152-33.deploy.static.akamaitechnologies.com  (104.108.152.33:443)

TCP (HTTP SSL):
Connects to a23-9-201-8.deploy.static.akamaitechnologies.com  (23.9.201.8:443)

TCP (HTTP SSL):
Connects to a23-58-52-59.deploy.static.akamaitechnologies.com  (23.58.52.59:443)

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

TCP (HTTP SSL):
Connects to a92-123-105-75.deploy.akamaitechnologies.com  (92.123.105.75:443)

TCP (HTTP SSL):
Connects to a23-74-217-24.deploy.static.akamaitechnologies.com  (23.74.217.24:443)

TCP (HTTP SSL):
Connects to a23-57-201-8.deploy.static.akamaitechnologies.com  (23.57.201.8:443)

TCP (HTTP SSL):
Connects to a23-57-195-42.deploy.static.akamaitechnologies.com  (23.57.195.42:443)

TCP (HTTP SSL):
Connects to a23-50-12-199.deploy.static.akamaitechnologies.com  (23.50.12.199:443)

TCP (HTTP SSL):
Connects to a23-37-54-153.deploy.static.akamaitechnologies.com  (23.37.54.153:443)

TCP (HTTP SSL):
Connects to a184-87-26-202.deploy.static.akamaitechnologies.com  (184.87.26.202:443)

TCP (HTTP SSL):
Connects to a104-122-93-60.deploy.static.akamaitechnologies.com  (104.122.93.60:443)

Remove AdvanceBox.exe - Powered by Reason Core Security