OfferBox.exe

OfferBox

Secure Digital Services Limited

The application OfferBox.exe by Secure Digital Services Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘OfferBox’. While running, it connects to the Internet address wo01.es2.aedn.eu on port 80 using the HTTP protocol.
Publisher:
Secure Digital Services  (signed by Secure Digital Services Limited)

Product:
OfferBox

Version:
1, 0, 0, 10

MD5:
889d5241d48928051841640aafb594ea

SHA-1:
7b1519ad2bf6a989664951f06151d7a9c55ea834

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/5/2024 8:33:56 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.OfferBox.SecureDigitalServices (M)

Engine version:
16.1.8.12

File size:
613.6 KB (628,368 bytes)

Product version:
1, 0, 0, 10

Copyright:
Copyright © 2009

Original file name:
OfferBox.exe

File type:
Executable application (Win32 EXE)

Language:
Spanish (International)

Common path:
C:\Program Files\offerbox\offerbox.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/16/2009 1:00:00 AM

Valid to:
11/17/2011 12:59:59 AM

Subject:
CN=Secure Digital Services Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Secure Digital Services Limited, L=Dublin, S=Dublin, C=IE

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3B62DC3672D1D2047D8974361B53ECE7

File PE Metadata
Compilation timestamp:
2/2/2010 9:55:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:01RfWYpnj7qGqoy4k2yXDCd0aqZ9xpeIlqa5h0C58n4nonNnNn0mtvG:015ZpVyXDCd0t/xQup0C5oM

Entry address:
0x2319E

Entry point:
E8, 2B, A7, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 55, 08, 53, 56, 57, 33, FF, 3B, D7, 74, 07, 8B, 5D, 0C, 3B, DF, 77, 1E, E8, 94, 00, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, BE, D4, FF, FF, 83, C4, 14, 8B, C6, 5F, 5E, 5B, 5D, C3, 8B, 75, 10, 3B, F7, 75, 07, 33, C0, 66, 89, 02, EB, D4, 8B, CA, 0F, B7, 06, 66, 89, 01, 41, 41, 46, 46, 66, 3B, C7, 74, 03, 4B, 75, EE, 33, C0, 3B, DF, 75, D3, 66, 89, 02, E8, 4B, 00, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, B3, 8B, FF, 55, 8B, EC, 8B, 45...
 

Code size:
224.5 KB (229,888 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
OfferBox

Command:
C:\Program Files\offerbox\offerbox.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to wo02.es2.aedn.eu  (178.33.88.173:80)

TCP (HTTP):
Connects to wo01.es2.aedn.eu  (178.33.88.172:80)
