offerboxsetup.exe

Aedge Performance BCN, S.L.U.

The application offerboxsetup.exe by Aedge Performance BCN, S.L.U. has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from vzbucket.appscion.com.
Publisher:
Aedge Performance BCN, S.L.U.  (signed and verified)

MD5:
3749be599056ed6728a01e704ae8c0a6

SHA-1:
64e3449a815e56e685f61058f9ff5b0bf9a3f810

SHA-256:
0042ef5f546bc49ae18a49fb4bcaebd4c64b60d8af5fb044b9bc8ad5dc5760db

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
12/24/2024 3:16:25 PM UTC

Scan engine        Detection                                 Engine version
Malwarebytes       PUP.Optional.OfferBox.A                   v2014.01.15.04
Reason Heuristics  PUP.Installer.AedgePerformanceBCNSLU.N    14.2.21.21
Rising Antivirus   NS:Malware.Install!1.9F21                 23.00.65.14125
XVirus List        Win.Detected                              2.3.31

File size:
183 KB (187,344 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\offerboxsetup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/16/2011 2:00:00 AM

Valid to:
6/16/2012 1:59:59 AM

Subject:
CN="Aedge Performance BCN, S.L.U.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Aedge Performance BCN, S.L.U.", L=BARCELONA, S=CATALUNYA, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
061F16F7D5994D184FAEB300004B0693

File PE Metadata
Compilation timestamp:
6/6/2009 11:41:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:BQIURTXJzFCoq9iwR3ATHbOdBaVEcQx3KKbrjbBsP1+VVAkiZ43aRf0Elw:BsqonwKPXQx/ts8VakiqKRMElw

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file offerboxsetup.exe has been seen being distributed by the following URL.
