dropbox.exe

Dropbox

Bechiro S.L.

This is the Solimba installer program that will bundle additional offers mostly including adware and various unwanted PC utilities. The application dropbox.exe, “Dropbox AppInstaller” by Bechiro S.L has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. With this installer, users are expecting to download Dropbox but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Bechiro S.L.  (signed and verified)

Product:
Dropbox

Description:
Dropbox AppInstaller

Version:
3.0.17.6

MD5:
2f39995e3b0e5da39d9e5c4d3ba8bc8b

SHA-1:
34006c1c4eabe908898fd7a360956b1891520508

SHA-256:
5383c85a5e7fc6f879ef584248d724728f65ec7e6e3c09d8aa058aefc1cdb535

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 5:41:21 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Solimba.Bechiro.Bundler (M)
16.7.7.19

File size:
281.9 KB (288,664 bytes)

Copyright:
AppInstaller 2013 (132260828)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\users\{user}\downloads.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/12/2012 9:00:00 PM

Valid to:
6/13/2014 8:59:00 PM

Subject:
CN=Bechiro S.L., OU=Devel, O=Bechiro S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
738DCAC697C06E1B89D106073773010D

File PE Metadata
Compilation timestamp:
2/19/2012 12:01:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
6144:0saocyLC+gK42uR1SDFK0psSTP1Bfg5awZS82XaXD9bluX:0tob0N2uDiFJy2zfhwZS82XCDZluX

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Code size:
34.5 KB (35,328 bytes)

The file dropbox.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)

 
http://api.downloadmr.com/installer/741111558/launch

Remove dropbox.exe - Powered by Reason Core Security