Hash comparison

sTByte

New member
Hello everyone!
I'm really sorry for this question, but I couldn't find a similar thread here.
I am a system administrator in a small company and we do not use Sandboxie at all. But now there is a Sandboxie Service that wants to run on an important computer, and I'm not really sure that it's not a kind of phishing.
So I want to compare the hash information of my Sandboxie Service with the official one. But I couldn't find any hash information on the official site.
Could you please write the hash in the comments, if you don't mind?

This is what I got on my computer:
About hash:
C:\WINDOWS\system32>certutil -hashfile "C:\Users\User\AppData\Roaming\Sandboxie\sandboxie.exe" SHA256
Хэш SHA256 C:\Users\User\AppData\Roaming\Sandboxie\sandboxie.exe:
1a817d92aef6111c6dfd462753d0cf462a6c99b62dc6f440f7bb0dbdfb588fb0
CertUtil: -hashfile — команда успешно выполнена.

About certificate:
[Attached image: 1742444487657.png]


About process and what it wants to do:
C:\WINDOWS\system32>tasklist /v | find "sandboxie.exe"
sandboxie.exe 9840 Console 2 5 060 КБ Unknown COMPANY\User 0:00:08 Н/Д

C:\WINDOWS\system32>wmic process where "name='sandboxie.exe'" get CommandLine
CommandLine
"C:\Users\User\AppData\Roaming\Sandboxie\sandboxie.exe"
 
The HASH value you wrote matches SbieSvc.exe in the Sandboxie Plus 1.15.4 64-bit version, but it is suspicious that it is named sandboxie.exe. Use the original installer from the GitHub release page; otherwise, do not trust installer files that come from unknown sources. There may be other malicious programs added to them.

To check the HASH value:
  1. Download: https://github.com/sandboxie-plus/Sandboxie/releases/download/v1.15.4/Sandboxie-Plus-x64-v1.15.4.exe
  2. Extract as portable
  3. Calculate the hash of SbieSvc.exe

Code:
0886744b57627ec54f9b7ef6602b01351104896fab4a9c7b2fa7ad96aa14e55e  32/SbieDll.dll
2150bb77c046bc8e3aebb0fbc4d49aaff9b3b3a723c785378c6047751b0df2b0  32/SbieDll.pdb
d4b904023f8bc898c18617f5e7e7ef57801aa02743983784d483ddeff3617326  32/SbieSvc.exe
ae48eb8f119676c7118b3ff69897090a6d8a799e7964ade1dc856f90185a4337  platforms/qdirect2d.dll
914a72097c6d106e750bd5c80fa30d0258de49f11b83b7b11600341e6a630f2b  platforms/qminimal.dll
6ba193edbd4c0c7477b6e789b0dc6c4fc939024ce985304c4d506ac3c7475aca  platforms/qoffscreen.dll
ce79f79417a51710b7f7288df829a8bcdcd4dd9182d1574e2d48c31f7d6cb836  platforms/qwindows.dll
2ab37eaf61e6059657b9b18bdadf2ff7f0d5e19f1451d0178bcd12874762e3ef  styles/qwindowsvistastyle.dll
b2dde43873c57f76feea79af0e814b900c64b3ad54979a7e44f0c9ec3b184620  7z.dll
a67cbc97d9f645424504772cdb2bc2e7efde61cd4d36776bf004591f4b63ba33  concrt140.dll
2f8cfffee98773f0711c44e8207bc66cf9b046bb99afa0e96c01c74f90282385  ImBox.exe
d60fbe5766a3204a041330c5172ff9100af0d0e80b904aadbced62f7dfd16750  KmdUtil.exe
093c7385be7e358946a6a6860a4bbb427546b73ba238bc70b0f347c339281a95  libcrypto-3-x64.dll
9ed908d6974891b6fd8e7ec8e0e4c83165c3d4293e7b211ffcb3f58eb1daf922  libssl-3-x64.dll
7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6  Manifest0.txt
de0167798a89a4b80ec2ccb4cb4ab95bfe4da2e91666f27fb83dcb75c71206ac  Manifest1.txt
55e7b42230dffab5e4f1a13476e888eea5850ec8ee121e23a7b1c48836299335  Manifest2.txt
2d782eb385561858d2639c516533dedecbe677fd52cf91af5521adff1568681a  MiscHelpers.dll
75872c426555ac8af55b5a7f6d4aea8831af74353b22612850a2bfc40e3b67e1  msvcp140.dll
9d6a0264a41ef8b3e758cfcced8ab3270c76211b75af6981c991b50cb00f2a85  msvcp140_1.dll
299d080f793e721d9d18a928c0cd137540b07053979ae19026892372cbe89a88  msvcp140_2.dll
ae430f3b65c5fc88643b30a344289bfda29811279379c1537cec19983c0938ae  msvcp140_atomic_wait.dll
9f05310a2330ee37b2f814c1d6ef40be553cc5bfd3f301b84dc221160f687f87  msvcp140_codecvt_ids.dll
5178072f0283065f32f1fbf49a990e25a41c6f89279c8406a5e8e8d5d81f1be2  QSbieAPI.dll
5b18f76dbebf379076f820b9e188b98d6fd162b0ebcfb5f66bc81cff46551a3c  Qt5Core.dll
9938479a35f110912bf014eea39cc7c03a572c1159c0772b9547429488c27a6e  Qt5Gui.dll
b7cf55ecbe426181844da0d4a22fc0949ef0146e65a5d62f7bd7fb7af0de82c7  Qt5Network.dll
4c259b28c0cb4d085dcea4a2452acae1f8a59d34a29536bf88e8d2406334a4b4  Qt5Qml.dll
d5cb720d7bc9a64a4b207749129b7cd4fa65791cc23a2dbb61b19295ccdea24c  Qt5Widgets.dll
07ac5f4e39d5e131b4304f486d110d19eeda0ef25a48d5273bc89354b24b056e  Qt5WinExtras.dll
83e2ebc032bd9cef9cdabea50cd22a42f1f53e6f0e0faed038f8b3fc9f02ea1c  qtsingleapp.dll
b0f9fc3f8b09ae0a8e960c42bf27c62e2e3fb1147760dc5ebb16afd909641cdf  Sandboxie-Plus.ini
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  Sandboxie.ini
00f4df0591797b98f97789c808fd1c65bffe48b5beabd717b3b42b7fd5a33eea  SandboxieBITS.exe
a0cf24acec011e84809b1c0e1f66dd4a9b103aded856d56e36f53e9f5ff24daf  SandboxieCrypto.exe
b449eb21711d241a123cb6a26b5f2b488ba36a4808be38d92be0b386bda96b93  SandboxieDcomLaunch.exe
2027cfca67b274121f6e6c9851001af2c9c62de762a4d4b2de05372da780ea27  SandboxieRpcSs.exe
d936502522989e320bde82f166dfbad13c4f24b44e1d9c331e485855822c86c1  SandboxieWUAU.exe
4c9d7d62e3a78ac33494c5acd58fbe8322e8772fb36975923dc71b74465c9070  SandMan.exe
6e24296612ca0adaf9b82f09c6ecffdd1945fd40b961cf61820841205f8b7a91  SandMan.exe.sig
ae3d71ae1373f677547e59e6b4e014a94f42831f1121b7514d6993353c14752c  SbieCtrl.exe
ad6c56425760aa401d47074367b795692d8aea9aaf140043251b62e1d4fb809e  SbieCtrl.exe.sig
d45f8ec69df2acfe096849a76b84a0dfff6c6c7dbd60efe33bac5fa6524349ad  SbieDll.dll
7f7ea02d3248d0bc65550608ef6c4fdcaffb0a8d4bc2862f9e4dc6e5b4dd4076  SbieDll.pdb
adf097c522d34d6db5dfa6d472935ed7d3e096d1043349d3e1a6a5043574a801  sbiedrv.cat
a84f6648a628078221eaf7d6d4b2a0620f221e3266462167f889ffaaabf534ec  SbieDrv.pdb
ca83d167abaa4e11194778a60aabe9cf7401cb2ad9caea9402e555c060e0fd8e  SbieDrv.sys
8f3853888324f4634de9a91c37084afbba7e2b6e717253bd086bbefe8367aaa1  SbieIni.exe
2a00f585fe1fc15c9e2c4048937e40fd10904abc94951f1f80f24fc12d9c6e22  SbieMsg.dll
4d82bc19432b22857c0a4ef61ef3c7ab1779935469650e5129e61db7a0d40fdb  SbieShellExt.dll
837ec38c25dd1fb5c53354698049c0c24a5f20322514dfa25606340d26b61a83  SbieShellPkg.msix
1a817d92aef6111c6dfd462753d0cf462a6c99b62dc6f440f7bb0dbdfb588fb0  SbieSvc.exe
cb49feea05d6917c02c24c79895abb716d8b236f4a51175847dff9a15d6ce992  SbieSvc.exe.sig
0a5b71794ed7da6657806182ebaeaf442bfd3cc3d73fe3aec0d5641f110dfd78  SboxHostDll.dll
77f58b8d8429b238baf2b6a8baa84ce175128bfbb6620d561512f568324f1c15  Start.exe
fd3319cd8d1127f5e08600f357f9b4e8e8c119d3f3f727a595a71e565321adc6  Start.exe.sig
2f4a788ebfa8d50cdbc80da0128aeee0c5a759b535dc74d459e12c10e389d458  Templates.ini
6ff731ced06cdd6c1938fbd98c220519650d281aca9d4a86ea7fd21a0b11c0a4  translations.7z
cefc6aed6e2328d93bcaaac949b6e47b24e2857b10bb0c8e3a8cdbd66d2d82b8  troubleshooting.7z
812fa0f3883450bd4eb59008c7bb8caa1a5d6419f12ace9d5c37950866ceddb3  UGlobalHotkey.dll
3b0d84f4628dd3c23b5747dfcc2c34482b0bb0cc57d602afd5bcbaf6b5b295e7  UpdUtil.exe
5fe710c3a6f2a280ab8176bae193780f209d08d04babafd58501cd733b4e81c3  vccorlib140.dll
270ba17bf89cc2eb6e6ce536eb78e4614ab5499f653ab7e07fe9e3d33bf3b6e3  vcruntime140.dll
f3754fc6ec87bcf84e05f3287b5de7bd305a30a0e1db7d478cb6353600682784  vcruntime140_1.dll

https://www.virustotal.com/gui/file/1a817d92aef6111c6dfd462753d0cf462a6c99b62dc6f440f7bb0dbdfb588fb0/details
 

Thank you very much!
 
It appears to be the case that someone (or a group) bundles SbieDll.dll with a renamed SbieSvc.exe. unarchiver.log might be present at C:\Users\user\AppData\Local\Temp\. The reason for this is unknown, but I suspect that it won't be something good.

If you have not installed Sandboxie, C:\Users\User\AppData\Roaming\Sandboxie is not supposed to exist. By default, the path (is supposed to be different for Sandboxie-Plus and) is not supposed to contain executable files. You should remove C:\Users\User\AppData\Roaming\Sandboxie and its contents, even without the intention to install Sandboxie. It seems to be good advice to monitor the system for other items or changes.
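
The checks described in the replies above, as an added example that is not part of the original thread: hash the file found on disk, look it up in a sha256sum-style listing like the one posted, and report whether it was renamed, whether it sits under AppData, and its Authenticode status. The function name and its parameters are hypothetical; the two manifest lines are copied from the listing in the thread.

```powershell
# Added example, not from the thread. Test-AgainstReleaseManifest is a hypothetical name.
function Test-AgainstReleaseManifest {
    param(
        [Parameter(Mandatory)] [string]   $SuspectPath,    # file found on the machine
        [Parameter(Mandatory)] [string[]] $ManifestLines   # "<sha256>  <relative path>" lines
    )

    # Parse sha256sum-style lines into a hash -> relative path table.
    $known = @{}
    foreach ($line in $ManifestLines) {
        if ($line -match '^\s*([0-9a-f]{64})\s+\*?(.+?)\s*$') {
            $known[$Matches[1].ToLowerInvariant()] = $Matches[2]
        }
    }

    $full = (Resolve-Path -LiteralPath $SuspectPath).Path
    $name = Split-Path -Leaf $full
    $hash = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash.ToLowerInvariant()
    $sig  = Get-AuthenticodeSignature -LiteralPath $full

    # File name the release uses for this exact content, if the hash is known.
    $releaseName = $null
    if ($known.ContainsKey($hash)) { $releaseName = ($known[$hash] -split '[\\/]')[-1] }

    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [pscustomobject]@{
        Path            = $full
        SHA256          = $hash
        InManifest      = [bool]$releaseName
        ReleaseFileName = $releaseName
        # Genuine content under a different file name, as with sandboxie.exe in the thread.
        Renamed         = [bool]($releaseName -and ($releaseName -ne $name))
        # The thread notes this AppData folder is not supposed to hold executables.
        UnderAppData    = $full -like '*\AppData\*'
        SignatureStatus = $sig.Status
        Signer          = $signer
    }
}

# Two lines copied from the listing posted in the thread; normally the whole listing is passed.
$manifest = @(
    'd4b904023f8bc898c18617f5e7e7ef57801aa02743983784d483ddeff3617326  32/SbieSvc.exe'
    '1a817d92aef6111c6dfd462753d0cf462a6c99b62dc6f440f7bb0dbdfb588fb0  SbieSvc.exe'
)
Test-AgainstReleaseManifest -SuspectPath 'C:\Users\User\AppData\Roaming\Sandboxie\sandboxie.exe' -ManifestLines $manifest
```

A matching hash only shows that the file's bytes equal the release binary; the Renamed and UnderAppData fields capture the points the replies flag as suspicious.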
 