offerboxupdateservice.exe

OfferBox

Aedge Performance BCN, S.L.U.

The application offerboxupdateservice.exe by Aedge Performance BCN, S.L.U has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a windows Service named “OfferBox update service”. This file is typically installed with the program OfferBox by Aedge Performance BCN SL which is a potentially unwanted software program. While running, it connects to the Internet address wo02.es2.aedn.eu on port 80 using the HTTP protocol.
Publisher:
Aedge Performance BCN SL  (signed by Aedge Performance BCN, S.L.U.)

Product:
OfferBox

Version:
8, 1, 6076, 525

MD5:
8cfc95b210b25f3db473298d8546207a

SHA-1:
2b719a9840f89eac4a9b13c674bc84f6daee0e92

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/23/2024 11:30:34 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Service.Adedge
15.3.1.15

File size:
328.8 KB (336,664 bytes)

Product version:
8, 1, 6076, 525

Copyright:
Copyright © 2009

File type:
Executable application (Win32 EXE)

Language:
Spagnolo (internazionale)

Common path:
C:\Program Files\offerbox\offerboxupdateservice.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/14/2014 2:00:00 AM

Valid to:
8/14/2015 1:59:59 AM

Subject:
CN="Aedge Performance BCN, S.L.U.", O="Aedge Performance BCN, S.L.U.", L=BARCELONA, S=CATALUNYA, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2B8586A1C0B4055887D7E36E1A8EB4E6

File PE Metadata
Compilation timestamp:
10/7/2014 2:49:40 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:GWyf29HUOZi8Z97YBTvb9MqcWEz9/OqwWPg7ZvZhEH/bY2nQcTBlV3JAQVU:5nY7MqYz9/8ZvZSHjYLcT3V3VC

Entry address:
0x219AD

Entry point:
E8, 24, A1, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 1B, 1A, 42, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 53, 83, 01, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D...
 
[+]

Code size:
241.5 KB (247,296 bytes)

Service
Display name:
OfferBox update service

Type:
Win32OwnProcess, InteractiveProcess


The file offerboxupdateservice.exe has been discovered within the following programs.

OfferBox  by Aedge Performance BCN SL
It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine).
www.offerbox.com
71% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to wo02.es2.aedn.eu  (178.33.88.173:80)

Remove offerboxupdateservice.exe - Powered by Reason Core Security