home

boxore.exe

Boxore Client

Boxore OU

The application boxore.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Boxore Client’. Additionally, the file is typically installed by a number of programs including Boxore Client by Boxore OU and Linkury Smartbar Engine by Linkury Inc., both potentially unwanted software. While running, it connects to the Internet address ns04.hiwit.net on port 80 using the HTTP protocol.
Publisher:
Boxore OU

Product:
Boxore Client

Version:
5.0.0.0

MD5:
049327975c9a1c09d5a7b84825939c95

SHA-1:
706e279f0244adcb930469ccb36be2a93ed5e279

SHA-256:
7e7e516c41f16d2131e9a1c739f582a9e3490d3f9ff110b927fdf1e5f50c1622

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
4/13/2025 6:34:22 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Generic.689923
781

Agnitum Outpost
PUA.Boxore
7.1.1

avast!
Win32:PUP-gen [PUP]
2014.9-141002

AVG
Generic5
2015.0.3334

Baidu Antivirus
Adware.Win32.Boxore
4.0.3.14625

Bitdefender
Application.Generic.689923
1.0.20.1750

Comodo Security
ApplicUnwnt
19673

Dr.Web
Adware.Downware.8420
9.0.1.0275

ESET NOD32
Win32/AdWare.Boxore (variant)
8.9974

F-Secure
Application.Generic.689923
11.2014-16-12_3

G Data
Application.Generic.689923
14.12.24

Malwarebytes
Adware.Boxore
v2014.06.25.03

MicroWorld eScan
Application.Generic.689923
15.0.0.1050

NANO AntiVirus
Riskware.Win32.Downware.dftgos
0.28.2.62440

Reason Heuristics
Threat.Win.Reputation.IMP
14.12.16.10

Trend Micro House Call
Suspicious_GEN.F47V0620
7.2.275

VIPRE Antivirus
Trojan.Win32.Generic
31744

File size:
943 KB (965,632 bytes)

Product version:
5.0.0.0

Original file name:
boxore.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\boxore\boxoreclient\boxore.exe

File PE Metadata
Compilation timestamp:
6/20/2014 5:48:53 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:Vi9Db8s56haD1DPgjY23XmM+/vsKhZZ7uRS6yaFeD8fV2fTzP:2bThhTdJCIaFeD8fQT

Entry address:
0xA19CD

Entry point:
E8, 4F, 91, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 80, 17, 4D, 00, 75, 02, F3, C3, E9, D1, 91, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, 40, BF, 4D, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, 1A, 1C, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 2A, F3, A5, FF...
 
[+]

Code size:
745.5 KB (763,392 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Boxore Client

Command:
C:\Program Files\boxore\boxoreclient\boxore.exe


The file boxore.exe has been discovered within the following programs.

Boxore Client  by Boxore OU
Typically bundled through 3rd party download managers as an 'offer'. The software will modify the user's web browser and display advertisements in Internet Explorer, Chrome and Firefox as well as modify the home and search pages.
www.boxore.com
81% remove it
Linkury Smartbar Engine  by Linkury Inc.
What the Smartbar does: - Changes the default search engine in your web browser's built-in search box. - Changes the default home page of your web browser. - Adds alternative "page not found" functionality. - Enable search from the address bar of your web browser.
www.linkury.com
68% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ns04.hiwit.net  (194.150.236.156:80)

Remove boxore.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.