band-in-a-box.exe

Smart Secure Software S.l.

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application band-in-a-box.exe by Smart Secure Software S.l. has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from www.softdls.com.
Publisher:
Smart Secure Software S.l.  (signed and verified)

MD5:
4aa9ea107567a948f234a03acf08165f

SHA-1:
a43d90e7cf7118d0726b1017cdd0dfe3230dc88a

SHA-256:
a9329f1601ea1289fb6d95d2da541484f4efd136fed59f563ca78434947c6656

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 4:24:33 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.30.172 |
| avast! | Win32:GenMalicious-EY [PUP] | 2014.9-140727 |
| AVG | Generic | 2015.0.3400 |
| Dr.Web | Trojan.Packed.28257 | 9.0.1.05190 |
| ESET NOD32 | Win32/SoftPulse.F potentially unwanted application | 7.0.302.0 |
| IKARUS anti.virus | PUA.DigiPlug | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.181.12846 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3497 |
| McAfee | Socrydo | 5600.7056 |
| NANO AntiVirus | Trojan.Win32.Inject.dcnwxu | 0.28.2.60990 |
| Norman | Malware | 11.20140715 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.15.06 |
| Reason Heuristics | PUP.SmartSecureSoftwareSl.N | 14.7.15.16 |
| Sophos | DomainIQ pay-per install | 4.98 |
| VIPRE Antivirus | Threat.4150696 | 31208 |

File size:
1.1 MB (1,187,040 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\band-in-a-box.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/16/2014 9:00:00 PM

Valid to:
6/17/2015 8:59:59 PM

Subject:
CN=Smart Secure Software S.l., O=Smart Secure Software S.l., L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
47353B4EEC0D902A135E20BEE1A66817

File PE Metadata
Compilation timestamp:
7/15/2014 7:40:27 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:BW1xsqFZeJeJeJeJeJeJdgs4BxjkN2ieWfYgKZ3F8FDZaxSCWKarX73HY04Rzbcr:ixpZIB+JSZ3FuZMGrU0IzoMn4AADw49f

Entry address:
0x842D

Entry point:
E8, D4, 3B, 00, 00, E9, 39, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3...
 

Code size:
143.5 KB (146,944 bytes)

The file band-in-a-box.exe has been seen being distributed by the following URL.
