home

dropbox.exe

Dropbox

Install Manager

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application dropbox.exe, “Dropbox ” by Install Manager has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Adknowledge Fusion installer. The installer is marketed through download protals and search ads as Dropbox but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Install Manager   (signed by Install Manager)

Product:
Dropbox

Description:
Dropbox

Version:
2.0.77.0

MD5:
4780fa1465f907aa0790eb9f5d1d6611

SHA-1:
07165b173c24e321db99de48e6861695d2013d55

SHA-256:
b9c62a5a976517f88215f3783b5f688930d57f9cd637d674a0c27792077d025f

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 12:35:15 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Adknowledge (M)
16.7.18.4

File size:
910.4 KB (932,240 bytes)

Product version:
2.0.77.0

Copyright:
(c) Install Manager

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads.exe

Digital Signature
Signed by:
Install Manager

Authority:
DigiCert Inc

Valid from:
8/7/2013 1:00:00 AM

Valid to:
8/11/2015 1:00:00 PM

Subject:
CN=Install Manager, O=Install Manager, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
06C0BBB90999729C33560EC18A203261

File PE Metadata
Compilation timestamp:
9/15/2014 9:00:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:ZAbDyNxOvS1s3zsvQOCJ6sfJADZZMTM8nbYwqh+u:ZQy8S1GzgQOCJlvTM8bYwqp

Entry address:
0x2A0C60

Entry point:
60, BE, 00, E0, 5C, 00, 8D, BE, 00, 30, E3, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.8724

Packer / compiler:
UPX 2.90LZMA

Code size:
844 KB (864,256 bytes)

The file dropbox.exe has been seen being distributed by the following URL.

http://www.downloadwizard.com/download_dropbox_uk.php

Remove dropbox.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.