offerbox-setup.exe

OfferBox Browser

Secure Digital Services Limited

The application offerbox-setup.exe, “OfferBox Browser setup” by Secure Digital Services Limited, has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This malware displays offers based on the user's web browsing habits and may display advertisements in a pop-under window. The file has been seen being downloaded from app.offerbox.com, a web site host known to distribute potentially unwanted software, operated by Aedge Performance BCN, S.L.U.
Publisher:
Secure Digital Services Limited  (signed and verified)

Product:
OfferBox Browser

Description:
OfferBox Browser setup

Version:
2.1.3262.95

MD5:
f131cf481829b101027562ce97f2ce4e

SHA-1:
8f7749e56ce3acba9ced3c3cca82f19f421265c7

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 10:39:58 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Bkav FE | W32.Clodb12.Trojan | 1.3.0.4959 |
| ESET NOD32 | Win32/AdWare.OfferBox (variant) | 10.9857 |
| K7 AntiVirus | Unwanted-Program | 13.178.12212 |
| Malwarebytes | PUP.Optional.OfferBox.A | v2016.01.28.06 |
| Microsoft Security Essentials | Adware:Win32/OfferBoxBrowser | 1.163.1557.0 |
| Reason Heuristics | PUP.OfferBox.SecureDigitalServices.Installer (M) | 16.1.28.18 |
| Sophos | Generic PUA CH | 4.98 |
| Trend Micro House Call | ADW_OFFERBOX | 7.2.28 |
| Trend Micro | ADW_OFFERBOX | 10.465.28 |

File size:
1.2 MB (1,265,392 bytes)

Copyright:
© Secure Digital Services Limited

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\{582d5733-c719-4dd7-a28d-6d9614237856}\offerbox-setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/16/2009 1:00:00 AM

Valid to:
11/17/2011 12:59:59 AM

Subject:
CN=Secure Digital Services Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Secure Digital Services Limited, L=Dublin, S=Dublin, C=IE

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3B62DC3672D1D2047D8974361B53ECE7

File PE Metadata
Compilation timestamp:
12/24/2007 10:04:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:O+qysMp8Ab5W16MhBrTA5FRkXtpsXkqNocWcwD3vmYeza2xXnD7jj:Oan7to7AFEcXkqNscwD/mHza2FnDHj

Entry address:
0x3225

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, B8, 3F, 42, 00, E8, F9, 2A, 00, 00, A3, 04, 3F, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, B8, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 18, 92, 40, 00, 68, 00, 37, 42, 00, E8, B0, 27, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 9E, 27, 00, 00...
Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file offerbox-setup.exe has been seen being distributed by the following URL.
