offerbox-setup.exe

OfferBox

Aedge Performance BCN, S.L.U.

The application offerbox-setup.exe by Aedge Performance BCN, S.L.U. has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from the user's temporary directory. The file has been seen being downloaded from app.offerbox.com.

Publisher:
Aedge Performance BCN SL  (signed by Aedge Performance BCN, S.L.U.)

Product:
OfferBox

Description:
OfferBox setup

Version:
6.1.5745.28

MD5:
f8828699768b9e90a9f15c50ac0a0842

SHA-1:
339e7175dbf7231db743d099219f81156cf7838f

SHA-256:
22137d944e120a419e7136494a2b7db5dc6b73f5e1521277bc8704a3c1db7107

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/5/2024 10:25:13 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/AdWare.OfferBox (variant) | 8.9590
Malwarebytes | PUP.Optional.OfferBox.A | v2014.09.15.03
Reason Heuristics | PUP.Installer.Adedge | 15.3.1.15

File size:
2.3 MB (2,445,728 bytes)

Copyright:
© Aedge Performance BCN SL

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\{582d5733-c719-4dd7-a28d-6d9614237856}\offerbox-setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/16/2011 2:00:00 AM

Valid to:
6/16/2012 1:59:59 AM

Subject:
CN="Aedge Performance BCN, S.L.U.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Aedge Performance BCN, S.L.U.", L=BARCELONA, S=CATALUNYA, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
061F16F7D5994D184FAEB300004B0693

File PE Metadata
Compilation timestamp:
12/5/2009 11:53:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:qkgCrGrJVa1dwkFm62A3S3WDrk75RDE0c6s1zAFLDtZqL:KJ8dwKN3WMrk75RfZthQL

Entry address:
0x36A0

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 88, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, B8, 63, 42, 00, E8, EE, 2E, 00, 00, A3, 04, 63, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, B0, 0C, 42, 00, FF, 15, 58, 81, 40, 00, 68, 10, A8, 40, 00, 68, 00, 5B, 42, 00, E8, F4, 29, 00, 00, FF, 15, B0, 80, 40, 00, BF, 00, C0, 42, 00, 50, 57, E8, E2, 29, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file offerbox-setup.exe has been seen being distributed by the following URL.
