boxoreinstaller.exe

Software Update

Boxore OU

The application boxoreinstaller.exe, “Software Update Setup” by Boxore OU, has been detected as adware by 9 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from dl1.downserver1.com and multiple other hosts.
Publisher:
The Software Group  (signed by Boxore OU)

Product:
Software Update

Description:
Software Update Setup

Version:
1.3.25.0

MD5:
4ebc401e9b17420f6ede2747e6de0196

SHA-1:
9fde0414ad2cf91fd5907aebf4189efeed902b63

SHA-256:
2d6b87649602e0b9e3b06e6b3e15b694015c0ca4d3963b1edcf34b1a5d8dba4b

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
12/23/2024 11:35:46 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Trash.Gen | 7.11.146.128
Dr.Web | Adware.Downware.1463 | 9.0.1.038
G Data | Win32.Trojan-Dropper.BoxoreInject | 14.2.22
Malwarebytes | PUP.Optional.SoftwareUpdate.A | v2014.12.16.03
NANO AntiVirus | Trojan.Win32.Downware.ctonas | 0.28.0.59608
Reason Heuristics | PUP.Installer.BoxoreOU.P | 14.8.7.20
SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10435
Trend Micro House Call | TROJ_GEN.F47V0509 | 7.2.38
VIPRE Antivirus | Backdoor.Win32.Bifrose.fsi | 28744

File size:
606.1 KB (620,656 bytes)

Product version:
1.3.25.0

Copyright:
Copyright 2013 The Software Group.

Original file name:
SoftwareUpdateSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\boxoreinstaller.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
7/13/2012 2:00:00 AM

Valid to:
11/14/2014 1:00:00 PM

Subject:
CN=Boxore OU, O=Boxore OU, L=Tallinn, C=EE

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
08499DE506987AF239F07BF7A498DE68

File PE Metadata
Compilation timestamp:
1/15/2014 3:57:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:+Ahub98Lq951mGYqrCpT4/6lCb+y38jE0qbcFSCzluMiOS+U/b:+kESQ1mGBrCpT4/6aMja4FSCRRSRb

Entry address:
0x4785

Entry point:
E8, D5, 13, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, 2F, 14, 00, 00, 33, C0, 5D, C2, 04, 00, 68, 8F, 47, 40, 00, FF, 15, 0C, C0, 40, 00, 33, C0, C3, 8B, FF, 55, 8B, EC, 68, EC, C1, 40, 00, FF, 15, 14, C0, 40, 00, 85, C0, 74, 15, 68, DC, C1, 40, 00, 50, FF, 15, 10, C0, 40, 00, 85, C0, 74, 05, FF, 75...
Code size:
40.5 KB (41,472 bytes)

The file boxoreinstaller.exe has been seen being distributed by the following 8 URLs.

http://dl1.downserver1.com/Installer/.../Boxore_Installer.exe