dropbox.exe

Macogosol

PlatformPrompt (Alpha Criteria Ltd.)

The application dropbox.exe, “Macogosol Setup ” by PlatformPrompt (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The installer is marketed through download protals and search ads as Dropbox but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
PlatformPrompt (Alpha Criteria Ltd.)  (signed and verified)

Product:
Macogosol

Description:
Macogosol Setup

MD5:
6dc710377dc262b30b5038883eaf4300

SHA-1:
f880e154f46678627725b0319b5c6c51f31c94c8

SHA-256:
b67454b1806a4a19059c76d10c5d584e23dca2bd6ca839a6824d75842df39a7c

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 3:00:23 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC (M)
16.8.10.17

File size:
964.1 KB (987,192 bytes)

Product version:
3.4

Copyright:
Wizard

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 7:17:26 AM

Valid to:
9/2/2016 7:02:46 AM

Subject:
CN=PlatformPrompt (Alpha Criteria Ltd.), O=PlatformPrompt (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112111817CD313A533F2A76178D4452F81A6

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Owiq/gQ33zXx1H+LrOdYSfUQStlImQnISsIt:OdcgQ33jqISHIFjsq

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9101

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file dropbox.exe has been seen being distributed by the following 2 URLs.

http://www.softwaresharetoday.com/7ZioYq9UjTRuaSZjWPIgRHwB3YuNaJLzmuM3esNeOElG_4STvOEoHsB6 1VGfw7h34fh_pDyedbccrmRQvt9_ND7FJysZ3QDiMu9xlQrznaXpYHWhj2pdURzL3ohPJcQRxjtObk5Uj1dPgSSUfb7p7QO8ZafsaJYjB4Jsr LWKFjgAt0CiKP2u_lNuDfGWOc8ABgXnwilwXriKzBZcKTIro 8hBz0PBiKGOkXbxUPoHLgFTJkRaLInJ09XKjf8 zI4MYQ5L7P9OPo0rbNH_N0deAovQCWenJtHLFlE_KMKnGWNpNMhKJTTAXOIcI8UqvemZ1V7r6Mb3EXDEaNT Av6CPEPCDiEy6bwf_j4b8158cxaRCvfbdldb2KsX0wKhVjgvNgkd_DzYG2CIdqWTfcQIViJc68FjN3M2updkTGkPlpuiSVuuru 5vV6Q2TSv8bTDPkH5yrRV3W0yyI8GMF_hUltkF2gzb IUHfEGLDJxfa21 axse mefq6ss_BTr4DrrVb_7-G04AAGRwXmuL2wFGqAIChxywfxcKAw3Q6mzrPu3ve19C_MJhXbd6NkoSIW0iHZu_Ua9b3gNz8Lc0YqMJi_LZsPm7uD_QyDjF4gROsxgH

Remove dropbox.exe - Powered by Reason Core Security