box_downloader.exe

Gamebox Setup

337 Technology Limited

The application box_downloader.exe by 337 Technology Limited has been detected as adware by 3 of 68 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. The file has been seen being downloaded from dc586.4shared.com and other hosts. While running, it connects over HTTP to dc.82.adb8.ip4.static.sl-reverse.com (184.173.130.220) on TCP port 80.
Publisher:
337 Technology Limited  (signed and verified)

Product:
Gamebox Setup

Description:
Setup

Version:
1.0.19.16989

MD5:
cf0143df2895d6811c865227886aa2ef

SHA-1:
07922f2f7306e86554832312be674a6a237f6b50

SHA-256:
95ef57e102c0c1383ec982edebeaedd4392bebee9e2893fa1a660d4e61f732c4

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/6/2024 2:42:02 AM UTC

Scan engine          Detection                               Engine version
Baidu Antivirus      Adware.Win32.Elex                       4.0.3.141115
Dr.Web               Adware.Mutabaha.74                      9.0.1.0319
Reason Heuristics    PUP.Installer.337TechnologyLimited.O    14.11.15.15

File size:
973.3 KB (996,632 bytes)

Product version:
1.0.19.16989

Copyright:
Copyright (c) 2011-2014 337 Technology Limited

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
6/25/2012 6:04:18 AM

Valid to:
6/26/2015 6:04:18 AM
(The certificate had expired long before the analysis date; an Authenticode signature can still verify after certificate expiry only when it carries a trusted timestamp countersignature, which this record does not show.)

Subject:
CN=337 Technology Limited, O=337 Technology Limited, L=香港, S=香港, C=HK  (L and S are 香港, i.e. Hong Kong)

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A511A565DC1022CCD7BA41E2E418FE65

File PE Metadata
Compilation timestamp:
9/29/2014 7:38:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:RBxybMMGCtK3IR50Lo97KTwo6fus3cgoO67QZQsDm6rZn:XwMeM3GSemTttKcODmO

Entry address:
0x10F73

Entry point:
E8, 7F, 63, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 75, 13, E8, 7B, 27, 00, 00, 6A, 16, 5E, 89, 30, E8, 13, 35, 00, 00, 8B, C6, EB, 24, 68, 80, 00, 00, 00, FF, 75, 10, FF, 75, 0C, E8, 17, 00, 00, 00, 83, C4, 0C, 89, 06, 85, C0, 74, 04, 33, C0, EB, 07, E8, 4B, 27, 00, 00, 8B, 00, 5E, 5D, C3, 6A, 0C, 68, A0, 0F, 43, 00, E8, B2, 39, 00, 00, 33, C9, 89, 4D, E4, 33, C0, 8B, 7D, 08, 85, FF, 0F, 95, C0, 85, C0, 75, 17, E8, 22, 27, 00, 00, C7, 00, 16, 00, 00, 00, E8, B9, 34, 00, 00, 33, C0...

Code size:
141.5 KB (144,896 bytes)
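The PE fields above (compilation timestamp, OS version, bitness, subsystem, linker version, entry address, entry-point bytes, code size) are enough to check whether a file in hand is the same build as this record, but only the hashes settle identity. The script below is an added example written for this page, not tooling from Reason Core Security or from 337 Technology Limited. It parses just those header fields from a PE32/PE32+ image with the standard library, maps the entry RVA to a file offset through the section table, and reports each field beside the record's value. Because the real box_downloader.exe is not on the page, it builds a constructed minimal PE whose header fields are set to the record's values; the header comparison then passes while the MD5/SHA-1/SHA-256 comparison fails, which is exactly the distinction a triager needs. Replace `build_sample()` with the bytes of a suspect file to use it for real.

```python
import datetime
import hashlib
import struct

# Values copied from this record. The file itself is not on the page.
RECORD = {
    "md5": "cf0143df2895d6811c865227886aa2ef",
    "sha1": "07922f2f7306e86554832312be674a6a237f6b50",
    "sha256": "95ef57e102c0c1383ec982edebeaedd4392bebee9e2893fa1a660d4e61f732c4",
    "compiled": "2014-09-29 07:38:30 UTC",
    "os_version": "5.1",
    "bitness": "Win32",
    "subsystem": "Windows GUI",
    "linker": "11.0",
    "entry_rva": 0x10F73,
    # First 21 bytes of the record's entry-point listing.
    "entry_bytes": bytes.fromhex("E8 7F 63 00 00 E9 7F FE FF FF 55 8B EC 56 8B 75 08 85 F6 75 13"),
    "code_size": 144896,
}

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def rva_to_offset(sections, rva):
    """Map an RVA to a file offset using (VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData)."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_pe(data):
    """Return the header fields this record lists, parsed from a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # Optional header: Magic, linker major/minor, SizeOfCode, then fixed offsets shared by PE32 and PE32+.
    magic, major_linker, minor_linker, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Section table follows the optional header; keep what RVA mapping needs.
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    entry_off = rva_to_offset(sections, entry_rva)
    compiled = datetime.datetime.fromtimestamp(timestamp, tz=datetime.timezone.utc)
    return {
        "compiled": compiled.strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": f"{os_major}.{os_minor}",
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, f"unknown magic {magic:#x}"),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker": f"{major_linker}.{minor_linker}",
        "entry_rva": entry_rva,
        "entry_bytes": bytes(data[entry_off:entry_off + len(RECORD["entry_bytes"])]),
        "code_size": size_of_code,
    }


def compare(data, record=RECORD):
    """Return {field: (record value, observed value, match)} for hashes and PE fields."""
    actual = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    actual.update(parse_pe(data))
    return {k: (record[k], actual[k], record[k] == actual[k]) for k in record}


def build_sample():
    """Constructed minimal PE32 (one .text section) whose header fields match the record. Not the real file."""
    ts = int(datetime.datetime(2014, 9, 29, 7, 38, 30, tzinfo=datetime.timezone.utc).timestamp())
    text_va, raw_ptr, raw_size = 0x1000, 0x200, RECORD["code_size"]
    img = bytearray(raw_ptr + raw_size)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                       # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 1, ts, 0, 0, 0xE0, 0x102)  # COFF header, i386
    opt = 0x58
    struct.pack_into("<HBBI", img, opt, 0x10B, 11, 0, raw_size)   # PE32, linker 11.0, SizeOfCode
    struct.pack_into("<I", img, opt + 16, RECORD["entry_rva"])    # AddressOfEntryPoint
    struct.pack_into("<HH", img, opt + 40, 5, 1)                  # OS version 5.1
    struct.pack_into("<H", img, opt + 68, 2)                      # IMAGE_SUBSYSTEM_WINDOWS_GUI
    sec = opt + 0xE0
    img[sec:sec + 8] = b".text\0\0\0"
    struct.pack_into("<IIII", img, sec + 8, raw_size, text_va, raw_size, raw_ptr)
    off = RECORD["entry_rva"] - text_va + raw_ptr
    img[off:off + len(RECORD["entry_bytes"])] = RECORD["entry_bytes"]
    return bytes(img)


if __name__ == "__main__":
    for field, (want, got, ok) in compare(build_sample()).items():
        print(f"{'OK  ' if ok else 'DIFF'} {field}: {got!r}" + ("" if ok else f"  (record: {want!r})"))
```

A header-only match is weak evidence: a repacked or patched build can keep every field above while differing in the bytes that matter. Treat the SHA-256 as the identity check and the PE fields as a way to spot related builds of the same installer.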

The file box_downloader.exe has been seen being distributed by the following 3 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to dc.82.adb8.ip4.static.sl-reverse.com  (184.173.130.220:80)

Powered by Reason Core Security