home

dropbox.exe

Macogosol

PlatformPrompt (Alpha Criteria Ltd.)

The application dropbox.exe, “Macogosol Setup ” by PlatformPrompt (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The installer is marketed through download protals and search ads as Dropbox but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
PlatformPrompt (Alpha Criteria Ltd.)  (signed and verified)

Product:
Macogosol

Description:
Macogosol Setup

MD5:
6dc710377dc262b30b5038883eaf4300

SHA-1:
f880e154f46678627725b0319b5c6c51f31c94c8

SHA-256:
b67454b1806a4a19059c76d10c5d584e23dca2bd6ca839a6824d75842df39a7c

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/2/2024 7:12:26 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC (M)
16.8.10.17

File size:
964.1 KB (987,192 bytes)

Product version:
3.4

Copyright:
Wizard

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads.exe

Digital Signature
Signed by:
PlatformPrompt (Alpha Criteria Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 7:17:26 AM

Valid to:
9/2/2016 7:02:46 AM

Subject:
CN=PlatformPrompt (Alpha Criteria Ltd.), O=PlatformPrompt (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112111817CD313A533F2A76178D4452F81A6

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Owiq/gQ33zXx1H+LrOdYSfUQStlImQnISsIt:OdcgQ33jqISHIFjsq

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9101

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file dropbox.exe has been seen being distributed by the following 2 URLs.

http://www.softwaresharetoday.com/7ZioYq9UjTRuaSZjWPIgRHwB3YuNaJLzmuM3esNeOElG_4STvOEoHsB6 1VGfw7h34fh_pDyedbccrmRQvt9_ND7FJysZ3QDiMu9xlQrznaXpYHWhj2pdURzL3ohPJcQRxjtObk5Uj1dPgSSUfb7p7QO8ZafsaJYjB4Jsr LWKFjgAt0CiKP2u_lNuDfGWOc8ABgXnwilwXriKzBZcKTIro 8hBz0PBiKGOkXbxUPoHLgFTJkRaLInJ09XKjf8 zI4MYQ5L7P9OPo0rbNH_N0deAovQCWenJtHLFlE_KMKnGWNpNMhKJTTAXOIcI8UqvemZ1V7r6Mb3EXDEaNT Av6CPEPCDiEy6bwf_j4b8158cxaRCvfbdldb2KsX0wKhVjgvNgkd_DzYG2CIdqWTfcQIViJc68FjN3M2updkTGkPlpuiSVuuru 5vV6Q2TSv8bTDPkH5yrRV3W0yyI8GMF_hUltkF2gzb IUHfEGLDJxfa21 axse mefq6ss_BTr4DrrVb_7-G04AAGRwXmuL2wFGqAIChxywfxcKAw3Q6mzrPu3ve19C_MJhXbd6NkoSIW0iHZu_Ua9b3gNz8Lc0YqMJi_LZsPm7uD_QyDjF4gROsxgH

http://www.softwaresharetoday.com/DKmLLDBmFgVs7s2C1KfxA75pEc6K8P1gkKsFIP8cUxEF7wVMuMd1Kh4_e0L1s8DkkKhmIYNbu99jVWvWESIWgIiESOKImi2ZqlLt34BPnky_W5V4tpXxhWg5gQIiKeX 35AM4gT230naroCN4IxcLvka2SdmTgMMeDWWAMWhASKy4AbhxmURwJc_PWyb2B5S_lWSs5y8CBABv12hWYgiyhFsX5iUnuPZ1es4kZGGrhcJus2ZFfTn0ayQI1NAUHQY_TBpC37WbWsSv7lazsWe6Lx80h N9z6qJSM7YAuD4J8UB9OmqaYtrpLcPFCXCyv5DgE8pnaX6rfQKEjXyki3i0m9o58BvmiXMakOmEnQM sYJRNaQ6SsJN30qddp4o1ureuoIuyJi0erNca0OrAKVzSNAFkkoHLZcB4Y Rhkyr98VsPK_a5m6TIAOkcTj4U4nhmYzqt fiY7Ec2 oAE19wMraMjyPG2J Q8xbZLPdu3dvaTPajpESwtdZsIYM9j1Ax0b1wqX7GS29tWE GpjzHd5O1PAGg==-G04AAGRgnq0tSsjkCQ45YP8uFAYaoNXZ1n06vd_XEuIXnI_j7DajFBmkTaRj_ l11to9IBJHJOaP0mNX_tcKvsbGYFeQHAKpgmcJGg=-e

Remove dropbox.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.