gadgetbox.exe

The application gadgetbox.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. The file has been seen being downloaded from i1.stylefun.info and multiple other hosts.
MD5:
e3cd117e62b1d06b19b7393ab152fdcd

SHA-1:
37bafa6784896d7ff729b6ad2b286a32f7c8bb73

SHA-256:
5cd3afd2f489e3710a77bbb7a6a1bfedc8ffc2e7acb795ded77eeebc8950610d

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
12/25/2024 1:00:08 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/Toolbar.Gen
7.11.119.230

avast!
Win32:Adware-BCA [Adw]
2014.9-131224

AVG
Generic30
2014.0.3616

Baidu Antivirus
HackTool.Win32.GadgetBox
4.0.3.131224

Bkav FE
W32.Clodf28.Trojan
1.3.0.4613

Comodo Security
UnclassifiedMalware
17450

Dr.Web
Adware.Searcher.2079
9.0.1.0358

ESET NOD32
Win32/Toolbar.GadgetBox
7.9178

Fortinet FortiGate
W32/Toolbar.GADGETBOX
12/24/2013

IKARUS anti.virus
Win32.Malware
t3scan.2.2.29

K7 AntiVirus
Trojan
13.174.10530

Malwarebytes
PUP.Optional.BabylonSearch.A
v2013.12.24.09

McAfee
Artemis!E3CD117E62B1
5600.7272

VIPRE Antivirus
Trojan.Win32.Generic
24424

File size:
756.8 KB (774,954 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\gadgetbox.exe

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:iijhXIS1s0J1dkXwXkS4X2OU/elh7Cl6Zd55ToT++OnPv8atHXWUoX9/pQIFz4M:i8X51KwR4C/kh7CIS++OnP3bot/pAM

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9841

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file gadgetbox.exe has been seen being distributed by the following 4 URLs.

http://i1.stylefun.info/.../gadgetbox.exe

http://i1.proffiiget.in/.../gadgetbox.exe

Remove gadgetbox.exe - Powered by Reason Core Security