SHA256: 7e303b1e2b12552058a9c31e8b8ccc6c06233530a70794c980455a1f6ef08beb
File name: Dropbox Update Setup
Detection ratio: 0 / 62
Analysis date: 2017-07-17 14:16:06 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware 20170717
AegisLab 20170717
AhnLab-V3 20170717
Alibaba 20170717
ALYac 20170717
Antiy-AVL 20170717
Arcabit 20170717
Avast 20170717
AVG 20170717
Avira (no cloud) 20170717
AVware 20170717
Baidu 20170717
BitDefender 20170717
Bkav 20170717
CAT-QuickHeal 20170717
ClamAV 20170717
CMC 20170717
Comodo 20170717
CrowdStrike Falcon (ML) 20170710
Cylance 20170717
Cyren 20170717
DrWeb 20170717
Emsisoft 20170717
Endgame 20170713
ESET-NOD32 20170717
F-Prot 20170717
F-Secure 20170717
Fortinet 20170629
GData 20170717
Ikarus 20170717
Sophos ML 20170607
Jiangmin 20170717
K7AntiVirus 20170717
K7GW 20170717
Kaspersky 20170717
Kingsoft 20170717
Malwarebytes 20170717
MAX 20170717
McAfee 20170717
McAfee-GW-Edition 20170717
Microsoft 20170717
eScan 20170717
NANO-Antivirus 20170717
nProtect 20170717
Palo Alto Networks (Known Signatures) 20170717
Panda 20170717
Qihoo-360 20170717
Rising 20170717
SentinelOne (Static ML) 20170516
Sophos AV 20170717
SUPERAntiSpyware 20170717
Symantec 20170717
Symantec Mobile Insight 20170717
Tencent 20170717
TheHacker 20170717
TotalDefense 20170717
TrendMicro 20170717
TrendMicro-HouseCall 20170717
Trustlook 20170717
VBA32 20170717
VIPRE 20170717
ViRobot 20170717
WhiteArmor 20170713
Yandex 20170714
Zillya 20170717
ZoneAlarm by Check Point 20170717
Zoner 20170717
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright: Dropbox, Inc. 2015 (Omaha Copyright Google Inc.)
Product Dropbox Update
Original name DropboxUpdateSetup.exe
Internal name Dropbox Update Setup
File version 1.3.39.1
Description Dropbox Update Setup
Signature verification Signed file, verified signature
Signing date 7:23 PM 4/8/2016
Signers
[+] Dropbox, Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer DigiCert Assured ID Code Signing CA-1
Valid from 1:00 AM 6/26/2015
Valid to 1:00 PM 12/28/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 812B375B94E624E9C00781E485B1E362AE30EB44
Serial number 01 7C A1 9B 58 59 E8 3F 44 D8 74 C1 CE 50 6E 6D
[+] DigiCert Assured ID Code Signing CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 409AA4A74A0CDA7C0FEE6BD0BB8823D16B5F1875
Serial number 0F A8 49 06 15 D7 00 A0 BE 21 76 FD C5 EC 6D BD
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-26 17:07:30
Entry Point 0x00004AA5
Number of sections 5
PE sections
Overlays
MD5 5f912943bcc9513508a9a05fc5ee9a45
File type data
Offset 71445504
Size 13720
Entropy 7.34
PE imports
OpenServiceW
CloseServiceHandle
OpenSCManagerW
QueryServiceStatusEx
GetStdHandle
WaitForSingleObject
HeapDestroy
VerifyVersionInfoW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
GetCPInfo
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
TlsGetValue
SetLastError
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
VerSetConditionMask
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointerEx
SetUnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetCurrentThreadId
InterlockedIncrement
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
WriteFile
GetModuleFileNameW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
UnmapViewOfFile
LCMapStringA
GetEnvironmentStringsW
lstrlenW
Process32NextW
VirtualFree
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FindResourceExW
SizeofResource
IsValidCodePage
HeapCreate
FindResourceW
CreateProcessW
Sleep
VirtualAlloc
PathQuoteSpacesW
wvsprintfW
CharLowerBuffW
MessageBoxW
CoInitializeEx
CoUninitialize
Number of PE resources by type
RT_STRING 21
RT_ICON 4
B 1
GOOGLEUPDATE 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
NEUTRAL 3
SWEDISH 1
FRENCH 1
CHINESE SIMPLIFIED 1
SPANISH MODERN 1
INDONESIAN DEFAULT 1
DUTCH 1
SPANISH MEXICAN 1
MALAY MALAYSIA 1
NORWEGIAN BOKMAL 1
PORTUGUESE BRAZILIAN 1
KOREAN 1
ITALIAN 1
GERMAN 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
UKRAINIAN DEFAULT 1
CHINESE TRADITIONAL 1
THAI DEFAULT 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.3.39.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Dropbox Update Setup
CharacterSet Unicode
InitializedDataSize 71396352
EntryPoint 0x4aa5
OriginalFileName DropboxUpdateSetup.exe
MIMEType application/octet-stream
LegalCopyright Copyright: Dropbox, Inc. 2015 (Omaha Copyright Google Inc.)
FileVersion 1.3.39.1
LanguageId en
TimeStamp 2016:02:26 18:07:30+01:00
FileType Win32 EXE
PEType PE32
InternalName Dropbox Update Setup
ProductVersion 1.3.39.1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Dropbox, Inc.
CodeSize 48128
ProductName Dropbox Update
ProductVersionNumber 1.3.39.1
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in the wild, CarbonBlack observed the following files, while executing, write this sample to disk.
File identification
MD5 fe757456a0af2ed96cb8e08cfedf7a77
SHA1 c5fabf8a9ab7b290841143274e927871e9390d26
SHA256 7e303b1e2b12552058a9c31e8b8ccc6c06233530a70794c980455a1f6ef08beb
ssdeep 1572864:TQ3hjwZUiwm2I6if2Vd+EcnrMwlLh1in02p/WLAAdTQ1To/jZEa:HUiwmdJ2VIEcwwF60u/WLvOGE
authentihash ef35201d0d31691e0a18002346a42c1919009d4da1ffcfbb8f968e56fa66af0e
imphash 959c9df12e2ee961f3fcecfec5f9b8d1
File size 68.1 MB ( 71459224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID DirectShow filter (50.7%)
Windows ActiveX control (29.3%)
InstallShield setup (10.8%)
Win64 Executable (generic) (6.9%)
Win32 Executable (generic) (1.1%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2016-04-08 20:03:49 UTC ( 2 years, 10 months ago )
Last submission 2017-02-17 08:24:01 UTC ( 2 years ago )
File names target.exe
dropboxInstall.exe
Dropbox Update Setup
Dropbox 3.18.1 Offline Installer.exe
Dropbox 3.18.1.exe
Dropbox_3.18.1_Installer.exe
Dropbox [Version 3.18.1] [International].exe
DropboxUpdateSetup.exe
Dropbox-3.18.1-Offline-Installer.exe
7E303B1E2B12552058A9C31E8B8CCC6C06233530A70794C980455A1F6EF08BEB.exe
dropbox 3.18.1 offline installer.exe
jv16pt_setup.exe
Behaviour characterization
Zemana dll-injection