offerboxhttpproxy.exe

OfferBoxHTTPProxy

Aedge Performance BCN, S.L.U.

The application offerboxhttpproxy.exe by Aedge Performance BCN, S.L.U has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 56847 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program OfferBox by Aedge Performance BCN SL which is a potentially unwanted software program.
Publisher:
Aedge Performance BCN SL  (signed by Aedge Performance BCN, S.L.U.)

Product:
OfferBoxHTTPProxy

Version:
5, 4, 5121, 222

MD5:
cb2ccb97d236436ed2b0025736492afb

SHA-1:
2fcad3bfa3ab9a75b122846173368224d31f7f3e

SHA-256:
cba0b873307a03278ee3d07e0ed5e89f419ab59ba6422d21b9dbb1d4724c97ca

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/26/2024 12:54:51 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Adedge.AedgePerformanceBCNU
15.5.19.7

File size:
171.9 KB (175,976 bytes)

Product version:
5, 4, 5121, 222

Copyright:
Copyright © 2011

File type:
Executable application (Win32 EXE)

Language:
Spagnolo (Spagna, ordinamento internazionale)

Common path:
C:\Program Files\offerbox\offerboxhttpproxy.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/16/2011 2:00:00 AM

Valid to:
6/16/2012 1:59:59 AM

Subject:
CN="Aedge Performance BCN, S.L.U.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Aedge Performance BCN, S.L.U.", L=BARCELONA, S=CATALUNYA, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
061F16F7D5994D184FAEB300004B0693

File PE Metadata
Compilation timestamp:
1/16/2012 5:15:19 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:e89h7yEPYij04ds3+w4fRjkNvTwfyf4ZTKiPn/VJF3tI6:bZd24COwKkNvEfyQrlJpF

Entry address:
0xD126

Entry point:
E8, 9A, 5A, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 0C, 75, 1D, E8, 4C, 0F, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, CF, 02, 00, 00, 83, C4, 14, 83, C8, FF, EB, 4D, 8B, 45, 08, 3B, C3, 74, DC, 56, 89, 45, E8, 89, 45, E0, 8D, 45, 10, 50, 53, FF, 75, 0C, 8D, 45, E0, 50, C7, 45, E4, FF, FF, FF, 7F, C7, 45, EC, 42, 00, 00, 00, E8, DB, 5C, 00, 00, 83, C4, 10, FF, 4D, E4, 8B, F0, 78, 07, 8B, 45, E0, 88, 18, EB, 0C, 8D, 45, E0, 50, 53, E8, B6, 5A, 00, 00, 59...
 
[+]

Code size:
129 KB (132,096 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:56847/

Local host port:
56847

Default credentials:
No


The file offerboxhttpproxy.exe has been discovered within the following program.

OfferBox  by Aedge Performance BCN SL
It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine).
www.offerbox.com
71% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 51.208.106.212.static.jazztel.es  (212.106.208.51:80)

TCP (HTTP):
Connects to wo02.es2.aedn.eu  (178.33.88.173:80)

TCP (HTTP):
Connects to wo01.es2.aedn.eu  (178.33.88.172:80)

TCP (HTTP SSL):
Connects to ec2-54-85-176-188.compute-1.amazonaws.com  (54.85.176.188:443)

TCP (HTTP SSL):
Connects to ec2-52-6-82-78.compute-1.amazonaws.com  (52.6.82.78:443)

TCP (HTTP SSL):
Connects to d.v.dropbox.com  (108.160.172.225:443)

TCP (HTTP SSL):
Connects to client.v.dropbox.com  (108.160.172.204:443)

TCP (HTTP):
Connects to 91.219.106.212.static.jazztel.es  (212.106.219.91:80)

TCP (HTTP):
Connects to r-1.mailjet.com  (5.196.44.187:80)

TCP (HTTP):
Connects to nl.redir.opera.com  (82.145.215.91:80)

TCP (HTTP):
Connects to md5.hackerwatch.org  (161.69.13.35:80)

TCP (HTTP):
Connects to ec2-54-235-182-183.compute-1.amazonaws.com  (54.235.182.183:80)

TCP (HTTP):
Connects to ec2-54-154-109-8.eu-west-1.compute.amazonaws.com  (54.154.109.8:80)

TCP (HTTP):
Connects to ec2-52-50-196-247.eu-west-1.compute.amazonaws.com  (52.50.196.247:80)

TCP (HTTP):
Connects to ec2-52-30-226-196.eu-west-1.compute.amazonaws.com  (52.30.226.196:80)

TCP (HTTP):
Connects to a23-200-86-145.deploy.static.akamaitechnologies.com  (23.200.86.145:80)

TCP (HTTP):
Connects to a104-93-250-224.deploy.static.akamaitechnologies.com  (104.93.250.224:80)

Remove offerboxhttpproxy.exe - Powered by Reason Core Security