home

dropbox.exe

Mefal

BeamPlatform (New Media Holdings Ltd.)

The application dropbox.exe, “Mefal Setup ” by BeamPlatform (New Media Holdings) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download protals and search ads as Dropbox but will also install additional software offers which include adware, PUPs and browser toolbars. The file has been seen being downloaded from www.applicationsdeliveryupdate.com.
Publisher:
BeamPlatform (New Media Holdings Ltd.)  (signed and verified)

Product:
Mefal

Description:
Mefal Setup

MD5:
fb7b030f598fa8f514f47f1095589c38

SHA-1:
8b0f1c3219ad54c388fff84cb50c7d8332469a5c

SHA-256:
dcc66afd1c792392cb63cf09eb54b8fc603bc4a07ca763a993aa146f2acedd7f

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
1/13/2025 5:00:44 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.NewMedia.NMH (M)
17.3.3.12

File size:
1.4 MB (1,478,152 bytes)

Product version:
2.3

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads.exe

Digital Signature
Signed by:
BeamPlatform (New Media Holdings Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
3/16/2016 4:08:35 PM

Valid to:
5/23/2017 4:16:57 PM

Subject:
CN=BeamPlatform (New Media Holdings Ltd.), O=BeamPlatform (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D8E01F3C9FE4D29F03B8E69514849785

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9882

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file dropbox.exe has been seen being distributed by the following URL.

http://www.applicationsdeliveryupdate.com/RcltbOP13vOPREqY a173DtIZF8WdpP32YMjdysAyNYdHc08qrmb7JEg8WBrmvy0QU6nySWKR8APEi5PhpJXzVsqevEy qZPy8aXwNlmvaFAcoybQwaAdeqkQnu3tzRGDhcHWylf1ON5sIXNenmQ8VTzI6ppJ FXxaRrTWOD5la6aS3zhvKX9BNAlR2vvMR8kvD9zKaH231IblOQyCIkQSFlvcxw2HOnPtPKrRsJ2 q_ImTIdhtC3yqpO dE4f81wujYl27fesPDC2m7bZEIGXfxn2iPDY8BGxq9QrNhcyW6PMXAp9NCSR8KkTYe3UAF3l62j4hf8vaOXxOOnGsCbwpshdMhTZKedEiWi1n1OecUBJ1KWSDyreBZMhPcFMIHMz_h1E5H5R_bpPVUdAv9JexNq Fy5iEkfrK3RuidN4U6Kv8aWPQtdgHZ02DkfvvCh4Fp JDP7 WSEpgI_ovGMVgXg Ntl1fK0lMNcArSaUax54tFKIRrFPAQkLmO6oN6DtswHlvOiuY730X2cLMhKb_l1MU1CexfmfSopoely_UUkdTp0 xjCRekvTUmsbkrQr0vwnodJdRoZC4KxKU0E5hM3rLsIA==-G0oAAES3eX4TNYK KwqEnihQyNzggD0MgrQowEFw2Bg7MyLJrYirRF3BLOP5IOS9_7GEFpJNl1iIlYh882TnigJpsDQ=

Remove dropbox.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.