videoboxnetsetup_srdown.exe

VideoBox

Baidu (China) Co., Ltd.

The application videoboxnetsetup_srdown.exe, “VideoBox's Install Program” by Baidu (China) Co., Ltd., has been detected as a potentially unwanted program by 37 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. The file has been seen being downloaded from static.ld.hao123.com. While running, it connects to the Internet address host-105.203.253.114.etisalat.com.eg on port 80 using the HTTP protocol.
Publisher:
Baidu Online Network Technology (Beijing) Co., Ltd. (signed by Baidu (China) Co., Ltd.)

Product:
VideoBox

Description:
VideoBox's Install Program

Version:
1.8.7.566

MD5:
56d64582b62e955d9331cb648bd476dd

SHA-1:
f7e5e48f64395238a61c302530647a5cb4b45573

SHA-256:
5c040a571979cd49bf6efb0ffcd575e2e5ae666dfb26ee422ff0add6428346f6

Scanner detections:
37 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 10:18:41 PM UTC

Scan engine                    Detection                           Engine version
-----------------------------  ----------------------------------  ---------------
Lavasoft Ad-Aware              Application.Bundler.Agent.B         889
Agnitum Outpost                PUA.Agent                           7.1.1
AhnLab V3 Security                                                 14.08.29
Avira AntiVirus                ADWARE/Adware.Gen7                  7.11.147.26
avast!                         Adware-gen [Adw]                    2014.9-140829
AVG                            Adware AdPlugin                     2015.0.3367
Baidu Antivirus                Trojan.Win32.Clikug                 4.0.3.14829
Bitdefender                    Application.Bundler.Agent.B         1.0.20.1205
Clam AntiVirus                 Win.Adware.Ibryte-592               0.98/19086
Comodo Security                Application.Win32.iBryte.WRP        18251
Dr.Web                         Adware.iBryte.473                   9.0.1.0241
Emsisoft Anti-Malware          Gen:Variant.Adware.Graftor.145314   8.14.08.29.03
ESET NOD32                     Win32/AdWare.iBryte.AR application  8.7.0.302.0
Fortinet FortiGate             W32/Zbot.AAN!tr                     8/29/2014
F-Prot                         W32/A-c255719d                      v6.4.7.1.166
F-Secure                       Application.Bundler.Agent           11.2014-29-08_6
G Data                         Win32.Adware.Ibryte                 14.8.24
IKARUS anti.virus                                                  t3scan.1.6.1.0
K7 AntiVirus                   Unwanted-Program                    13.177.12013
Kaspersky                      not-a-virus:Downloader.NSIS.Agent   14.0.0.3332
Malwarebytes                                                       v2014.08.29.03
McAfee                         Trojan.Artemis!2BDA97A3EE62         5600.7023
Microsoft Security Essentials  TrojanClicker:Win32/Clikug.A        1.10401
MicroWorld eScan               Application.Bundler.Agent.B         15.0.0.723
NANO AntiVirus                 Trojan.Win32.Agent.cxjjsz           0.28.0.59608
nProtect                       Adware.IBryte.Y                     14.08.13.01
Panda Antivirus                Trj/Genetic.gen                     14.08.29.03
Qihoo 360 Security             Malware.QVM10.Gen                   1.0.0.1015
Reason Heuristics              Threat.Win.Reputation.IMP           14.8.29.15
Rising Antivirus               PE:Malware.iBryte!6.192B            23.00.65.14827
SUPERAntiSpyware               PUP.OptimumInstaller/Variant        10392
Trend Micro House Call         TROJ_CLIKUG.A                       7.2.241
Trend Micro                    TROJ_CLIKUG.A                       10.465.29
Vba32 AntiVirus                                                    3.12.26.0
VIPRE Antivirus                Threat.4778314                      29418
Zillya! Antivirus              Adware.iBryte.Win32.854             2.0.0.1790

File size:
1 MB (1,049,744 bytes)

Product version:
1.8.7.566

Copyright:
Copyright (C) 2000-2014

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\videoboxnetsetup_srdown.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/22/2012 12:18:27 PM

Valid to:
2/22/2015 12:18:27 PM

Subject:
CN="Baidu (China) Co., Ltd.", O="Baidu (China) Co., Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121DF7675AAA08D1B49A83A480F14855D24

File PE Metadata
Compilation timestamp:
12/25/2013 8:01:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:N19X77QOFB5Sk1iQlnZflimuH6nQC/iOY+Rt4sPn4/3stBfjf1tbktatTBzJT:1X7UUBp1v9mmuH6nQCWPQfnktaTz5

Entry address:
0x31FD

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 14, C7, 44, 24, 10, D8, 92, 40, 00, 89, 6C, 24, 1C, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 71, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 58, 92, 42, 00, E8, 9F, 2E, 00, 00, A3, A4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 58, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, C0, 92, 40, 00, 68, A0, 81, 42, 00, E8, 0A, 2B, 00, 00, FF, 15, 38, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, F8, 2A, 00, 00...

Entropy:
7.3612

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file videoboxnetsetup_srdown.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to host-105.203.253.114.etisalat.com.eg  (105.203.253.114:80)

Remove videoboxnetsetup_srdown.exe - Powered by Reason Core Security