Prevx Research Division
KILLBOX.EXE
Currently being reviewedThe filename KILLBOX.EXE is used by objects that are classified as safe. It has not yet been seen to be associated with malicious software.
If you are concerned that your PC might be infected why not try our Free Prevx Scanner. It will thoroughly check your PC for millions of active Spyware and malware infections and takes less than 2 minutes. Don't put your confidential data, or your identity at risk, check your PC now with Prevx.
File Behavior
KILLBOX.EXE has been seen to perform the following behavior:
- The Process is packed and/or encrypted using a software packing process
- Executes a Process
- Registers a Dynamic Link Library File
- Adds products to the system registry
- This process creates other processes on disk
- This Process Deletes Other Processes From Disk
- Terminates Processes
- Violates Prevx File Security Settings
- Can communicate with other computer systems using HTTP protocols
- Writes to another Process's Virtual Memory (Process Hijacking)
- Injects code into other processes
- Looks at the contents of the autoexec.bat file
- Reads email address and phone book details
- Uses DNS to retrieve the IP address for web sites
- Uses your PC to connect to Chat rooms
- The Process is polymorphic and can change its structure
- Creates system tray popups, messages, errors and security warnings
- Found on infected systems and resists interrogation by security products
- Uses low level functions to hide itself from the user and from system/security processes
KILLBOX.EXE has been the subject of the following behavior:
- Deleted as a process from disk
- Executed as a Process
- Terminated as a Process
- Created as a process on disk
- Has code inserted into its Virtual Memory space by other programs
- Executed by Internet Explorer
Country Of Origin
The filename KILLBOX.EXE was first seen on May 13 2007 in the following geographical regions of the Prevx community:
- The United States on May 13 2007
- Denmark on Feb 20 2008
- Spain on Sep 2 2008
- Turkey on May 14 2013
File Name Aliases
KILLBOX.EXE can also use the following file names:
- KILLBOX[1].EXE
- KILLBOX-BETA.EXE
- NNLCWFIW.EXE
- KILLBOX_2.0.0.978_BETA.EXE
- KILLBOX-BETA[1].EXE
- BVSDB39A.EXE
- KILLBOX_BETA.EXE
- KILLBOX_[WWW.PROGRAMOSY.PL].EXE
- KILLBOX[n].EXE
- KILLBOX BETA.EXE
- KILLBOX2.EXE
- KILLBOX(n).EXE
- NERB5BD5930.EXE
- NER49C42826.EXE
- NERE0F03EFC.EXE
- NERAE1A7C4C.EXE
- NERA061543B.EXE
- NERDC03753A.EXE
- NER2BBF113D.EXE
- KILLBOX C NETSTAT -AN.EXE
- WYHUEYG5.EXE
- L3I6REAG.EXE
- DC18.EXE
- DC2.EXE
- DC46.EXE
- DC13.EXE
- DC50.EXE
- DC4.EXE
- DO66.EXE
- DC39.EXE
- DC9.EXE
- DC5.EXE
- DC7.EXE
- B510A435D01
- 3BB61C52D01
Filesizes
The following file size has been seen:
- 93,696 bytes
- 84,992 bytes
- 83,456 bytes
- 271,324 bytes
- 92,672 bytes
Vendor, Product and Version Information
Files with the name KILLBOX.EXE have been seen to have the following Vendor, Product and Version Information in the file header:
- Option*Explicit Software vbtechcd@gmail.com; Process & File Killer; 2.00.0978
- OptionxExplicit Software vbtechcd@gmail.; Process & File Killer; 2.00.0978
- Option*Explicit Software vbtechcd@gmail.; Process & File Killer; 2.00.0978
- Option*Explicit Software vbtechcd@gmail.com; Process & File Killer; 2.00.0648
- Option*Explicit Software vbtechcd@gmail; Process & File Killer; 2.00.0978
- Option*Explicit Software vbtechcd@gmail.c; Process & File Killer; 2.00.0978
File Type
The filename KILLBOX.EXE refers to many versions of an executable program.
File Activity
One or more files with the name KILLBOX.EXE creates, deletes, copies or moves the following files and folders:
- Opens/modifes c:\autoexec.bat
Network Activity
One or more files with the name KILLBOX.EXE performs the following network events:
- DNS Lookup210.245.211.11 proxim.ircgalaxy.pl
Website Activity
One or more files with the name KILLBOX.EXE interacts with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.
- TCP:210.245.211.11:65520 Port:35