box_downloader.exe

Gamebox Setup

337 Technology Limited

The application box_downloader.exe by 337 Technology Limited has been detected as adware by 3 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from dc586.4shared.com and multiple other hosts. While running, it connects to the Internet address dc.82.adb8.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
337 Technology Limited (signed and verified)

Product:
Gamebox Setup

Description:
Setup

Version:
1.0.20.17288

MD5:
c63712518b71cbb1be31d645958a22c1

SHA-1:
d5a009e579fd42df81d01fb560936100b02c57f1

SHA-256:
7338b2ae060d0a5d5f6b03dd69294a563b00f0e017053fce6a2e66632d9ee1d4

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/23/2024 11:04:52 PM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.Elex | 4.0.3.141027
Dr.Web | Adware.Mutabaha.74 | 9.0.1.0300
Reason Heuristics | PUP.Installer.337TechnologyLimited.O | 14.10.27.19

File size:
973.3 KB (996,608 bytes)

Product version:
1.0.20.17288

Copyright:
Copyright (c) 2011-2014 337 Technology Limited

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\box_downloader.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
6/25/2012 2:04:18 AM

Valid to:
6/26/2015 2:04:18 AM

Subject:
CN=337 Technology Limited, O=337 Technology Limited, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A511A565DC1022CCD7BA41E2E418FE65

File PE Metadata
Compilation timestamp:
10/16/2014 2:46:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:JBxybD2GC/K3IR50Lo97KTwo6fuahMN7q50ObCNFaI1BKkR:fwD8S3GSemTtTZ+bCH7KkR

Entry address:
0x10F73

Entry point:
E8, 7F, 63, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 75, 13, E8, 7B, 27, 00, 00, 6A, 16, 5E, 89, 30, E8, 13, 35, 00, 00, 8B, C6, EB, 24, 68, 80, 00, 00, 00, FF, 75, 10, FF, 75, 0C, E8, 17, 00, 00, 00, 83, C4, 0C, 89, 06, 85, C0, 74, 04, 33, C0, EB, 07, E8, 4B, 27, 00, 00, 8B, 00, 5E, 5D, C3, 6A, 0C, 68, A0, 0F, 43, 00, E8, B2, 39, 00, 00, 33, C9, 89, 4D, E4, 33, C0, 8B, 7D, 08, 85, FF, 0F, 95, C0, 85, C0, 75, 17, E8, 22, 27, 00, 00, C7, 00, 16, 00, 00, 00, E8, B9, 34, 00, 00, 33, C0...

Entropy:
7.6170

Code size:
141.5 KB (144,896 bytes)

The file box_downloader.exe has been seen being distributed by the following 4 URLs.

http://dc586.4shared.com/download/.../box_downloader.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to dc.82.adb8.ip4.static.sl-reverse.com (184.173.130.220:80)

Remove box_downloader.exe - Powered by Reason Core Security