AdvanceBox.exe

AdvanceBox

The executable AdvanceBox.exe has been detected as malware by 8 anti-virus scanners. While running, it connects to the Internet address 45-125-194-210.ip4.readyserver.sg on port 443.
Product:
AdvanceBox

Version:
12.0.3.4

MD5:
e40144b38e7984786d0a57115f4ba6ed

SHA-1:
ac66b689fb606cc54029d027e1ded69d6e42deba

SHA-256:
83ec6006a9bd53c136db2bbec3d9d73dde72dc28ddb7e0145f2d6eea277b2839

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
11/23/2024 2:34:44 PM UTC

Scan engine            Detection                                     Engine version
Lavasoft Ad-Aware      Trojan.Generic.14802997                       5754433
avast!                 Win32:Dropper-gen [Drp]                       150602-1
Baidu Antivirus        Hacktool.Win32.Packed.Themida                 4.0.3.1577
Bkav FE                W32.HfsAutoB                                  1.3.0.6979
Emsisoft Anti-Malware  Trojan.Generic.14802997                       10.0.0.5366
ESET NOD32             Win32/Packed.Themida suspicious application   7.0.302.0
F-Secure               Trojan.Generic.14802997                       5.14.151
Norman                 Trojan.Generic.14802997                       07.07.2015 03:10:29

File size:
6.9 MB (7,183,872 bytes)

Product version:
12.34

Copyright:
AdvanceBox

Trademarks:
AdvanceBox Turbo Flasher

Original file name:
AdvanceBox.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata

Compilation timestamp:
6/25/2015 11:50:51 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:QEXx5s5dlaVzcXSCyvM1/LiwisFwwPPvOgxebKCbUBGhlGXWJU:Qys5dQqyU1G0PaF/hlGmu

Entry address:
0x1654000

Entry point:
EB, 08, 0F, 7C, 6D, 00, 00, 00, 00, 00, E9, 00, 20, 00, 00, 54, 41, 47, 47, 00, 20, 00, 00, B3, 1B, 00, 00, 01, 00, 30, 82, 1B, AF, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 02, A0, 82, 1B, A0, 30, 82, 1B, 9C, 02, 01, 01, 31, 09, 30, 07, 06, 05, 2B, 0E, 03, 02, 1A, 30, 82, 0F, 21, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 01, A0, 82, 0F, 12, 04, 82, 0F, 0E, D0, 00, 01, 00, 01, C1, B1, A1, 02, 00, 03, 00, 04, 00, 00, 00, 26, 00, 00, 00, 01, 00, D8, D1, A2, AF, 8C, AC, 24, C3, 8A, 67, 3F, CC, FF, 52, 4B, 2B, FF...

Entropy:
7.9709  (probably packed)

Code size:
8.8 MB (9,182,208 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 1b.2d.78ae.static.theplanet.com  (174.120.45.27:80)

TCP (HTTP):
Connects to 45-125-194-210.ip4.readyserver.sg  (45.125.194.210:80)

TCP (HTTP):
Connects to static.7.18.201.138.clients.your-server.de  (138.201.18.7:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-sin6.fbcdn.net  (157.240.7.26:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-sin6.facebook.com  (157.240.7.35:443)

TCP (HTTP):
Connects to crl.comodoca.com.cdn.cloudflare.net  (178.255.83.2:80)

TCP (HTTP SSL):
Connects to a23-219-134-93.deploy.static.akamaitechnologies.com  (23.219.134.93:443)

TCP (HTTP SSL):
Connects to a184-87-26-202.deploy.static.akamaitechnologies.com  (184.87.26.202:443)

TCP (HTTP SSL):
Connects to a104-93-107-122.deploy.static.akamaitechnologies.com  (104.93.107.122:443)

TCP (HTTP SSL):
Connects to a104-108-198-119.deploy.static.akamaitechnologies.com  (104.108.198.119:443)

TCP (HTTP SSL):
Connects to a104-108-152-33.deploy.static.akamaitechnologies.com  (104.108.152.33:443)

TCP (HTTP):
Connects to 125.235.4.59.adsl.viettel.vn  (125.235.4.59:80)
