offerboxhttpproxy.exe

OfferBoxHTTPProxy

Aedge Performance BCN, S.L.U.

The application offerboxhttpproxy.exe by Aedge Performance BCN, S.L.U has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program OfferBox by Aedge Performance BCN SL which is a potentially unwanted software program. While running, it connects to the Internet address 129.219.106.212.static.jazztel.es on port 80 using the HTTP protocol.
Publisher:
Aedge Performance BCN SL  (signed by Aedge Performance BCN, S.L.U.)

Product:
OfferBoxHTTPProxy

Version:
5, 5, 5480, 411

MD5:
7dc9799b627ad83caf81732d5d7e7c76

SHA-1:
2e0ea86d056c08cb9466a04b51b1baec04d86650

SHA-256:
913448c943c9e892a629b47c95ca6657be10256123988e7ef64eff3f350bb6ae

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/5/2024 8:17:46 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Adedge.AedgePerformanceBCNU (M)
16.1.6.10

File size:
173.4 KB (177,512 bytes)

Product version:
5, 5, 5480, 411

Copyright:
Copyright © 2011

File type:
Executable application (Win32 EXE)

Language:
Spanish (Spain, International Sort)

Common path:
C:\Program Files\offerbox\offerboxhttpproxy.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/15/2011 7:30:00 PM

Valid to:
6/15/2012 7:29:59 PM

Subject:
CN="Aedge Performance BCN, S.L.U.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Aedge Performance BCN, S.L.U.", L=BARCELONA, S=CATALUNYA, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
061F16F7D5994D184FAEB300004B0693

File PE Metadata
Compilation timestamp:
3/5/2012 12:57:21 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:drS+UNH8CMjxIqgkWnS23JvXjPCdovzeQw2zlo/VpDxzX:eNrGIqpW7JvTPCeeptX

Entry address:
0xD350

Entry point:
E8, A0, 5A, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 0C, 75, 1D, E8, 52, 0F, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, D5, 02, 00, 00, 83, C4, 14, 83, C8, FF, EB, 4D, 8B, 45, 08, 3B, C3, 74, DC, 56, 89, 45, E8, 89, 45, E0, 8D, 45, 10, 50, 53, FF, 75, 0C, 8D, 45, E0, 50, C7, 45, E4, FF, FF, FF, 7F, C7, 45, EC, 42, 00, 00, 00, E8, E1, 5C, 00, 00, 83, C4, 10, FF, 4D, E4, 8B, F0, 78, 07, 8B, 45, E0, 88, 18, EB, 0C, 8D, 45, E0, 50, 53, E8, BC, 5A, 00, 00, 59...
 
[+]

Code size:
129.5 KB (132,608 bytes)

The file offerboxhttpproxy.exe has been discovered within the following program.

OfferBox  by Aedge Performance BCN SL
It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine).
www.offerbox.com
71% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to wo02.es2.aedn.eu  (178.33.88.173:80)

TCP (HTTP):
Connects to wo01.es2.aedn.eu  (178.33.88.172:80)

TCP (HTTP):
Connects to md5.hackerwatch.org  (161.69.13.35:80)

TCP (HTTP):
Connects to ec2-23-23-129-47.compute-1.amazonaws.com  (23.23.129.47:80)

TCP (HTTP):
Connects to ec2-107-20-217-71.compute-1.amazonaws.com  (107.20.217.71:80)

TCP (HTTP):
Connects to cd.3e.559e.ip4.static.sl-reverse.com  (158.85.62.205:80)

TCP (HTTP):
Connects to a23-51-229-163.deploy.static.akamaitechnologies.com  (23.51.229.163:80)

TCP (HTTP):

TCP (HTTP):
Connects to a23-214-141-188.deploy.static.akamaitechnologies.com  (23.214.141.188:80)

TCP (HTTP):
Connects to a23-212-108-127.deploy.static.akamaitechnologies.com  (23.212.108.127:80)

TCP (HTTP):
Connects to 85.4e.2bd0.ip4.static.sl-reverse.com  (208.43.78.133:80)

TCP (HTTP):
Connects to 37-97-173-64.colo.transip.net  (37.97.173.64:80)

TCP (HTTP):
Connects to 129.219.106.212.static.jazztel.es  (212.106.219.129:80)

Remove offerboxhttpproxy.exe - Powered by Reason Core Security