× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b2176cd3fa29e7ed60ca823210b47e2c36343fc6e3b59ad00f61269062fbc930
File name: DropboxInstaller.exe
Detection ratio: 2 / 54
Analysis date: 2015-12-18 17:53:06 UTC ( 3 years, 1 month ago ) View latest
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.Suspicious.fc 20151218
Zillya Adware.OutBrowse.Win32.74144 20151218
Ad-Aware 20151218
AegisLab 20151218
Yandex 20151218
AhnLab-V3 20151218
Alibaba 20151208
ALYac 20151218
Antiy-AVL 20151218
Arcabit 20151218
Avast 20151218
AVG 20151218
Avira (no cloud) 20151218
AVware 20151218
Baidu-International 20151218
BitDefender 20151218
Bkav 20151218
ByteHero 20151218
CAT-QuickHeal 20151217
ClamAV 20151217
CMC 20151217
Comodo 20151218
Cyren 20151218
DrWeb 20151218
Emsisoft 20151218
ESET-NOD32 20151218
F-Prot 20151218
F-Secure 20151218
Fortinet 20151218
GData 20151218
Ikarus 20151218
Jiangmin 20151218
K7AntiVirus 20151218
K7GW 20151218
Kaspersky 20151218
Malwarebytes 20151218
McAfee 20151218
Microsoft 20151218
eScan 20151218
NANO-Antivirus 20151218
nProtect 20151218
Panda 20151218
Rising 20151218
Sophos AV 20151218
SUPERAntiSpyware 20151218
Symantec 20151217
Tencent 20151218
TheHacker 20151218
TrendMicro 20151218
TrendMicro-HouseCall 20151218
VBA32 20151217
VIPRE 20151218
ViRobot 20151218
Zoner 20151218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Dropbox, Inc.

Publisher Dropbox
Product Dropbox
File version 3.4.3
Description Dropbox 3.4.3 Installer
Signature verification Signed file, verified signature
Signing date 7:39 PM 4/2/2015
Signers
[+] Dropbox
Status Valid
Issuer DigiCert SHA2 Assured ID Code Signing CA
Valid from 1:00 AM 1/16/2015
Valid to 1:00 PM 1/19/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint E8BE95CFF314C582E57BE675758006C250527DD3
Serial number 05 E2 6F 15 A8 88 A5 E5 23 47 32 0D 80 3C 8F A9
[+] DigiCert SHA2 Assured ID Code Signing CA
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 10/22/2013
Valid to 1:00 PM 10/22/2028
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 92C1588E85AF2201CE7915E8538B492F605B80C6
Serial number 04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbrint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-04 21:44:03
Entry Point 0x00003B11
Number of sections 5
PE sections
Overlays
MD5 531479e58f840fafb058497306f7b266
File type data
Offset 87552
Size 268680
Entropy 8.00
PE imports
RegCreateKeyExW
RegEnumValueW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SelectObject
CreateBrushIndirect
SetBkMode
SetBkColor
DeleteObject
SetTextColor
WaitForSingleObject
GetFileAttributesW
GetLocalTime
GetCurrentProcess
SetErrorMode
lstrcatW
WideCharToMultiByte
lstrcmpiA
GetDiskFreeSpaceW
WriteFile
FreeLibrary
GetExitCodeProcess
InitializeCriticalSection
OutputDebugStringW
FindClose
MoveFileW
GetFullPathNameW
OutputDebugStringA
GetEnvironmentVariableW
GetSystemTime
CopyFileW
GetModuleFileNameW
ExitProcess
lstrcmpiW
LoadLibraryExW
MultiByteToWideChar
GetPrivateProfileStringW
GetModuleHandleA
SetFileAttributesW
CreateThread
GetSystemDirectoryW
MulDiv
SearchPathW
GetVersion
SetCurrentDirectoryW
GlobalAlloc
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
GetTickCount
FlushFileBuffers
LoadLibraryA
GetWindowsDirectoryW
GetFileSize
OpenProcess
CreateDirectoryW
DeleteFileW
GlobalLock
GetTempFileNameW
CreateFileMappingW
lstrcpyW
GlobalReAlloc
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
lstrcpyA
FindFirstFileW
lstrcmpW
GetProcAddress
CreateEventW
CreateFileW
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
GetShortPathNameW
lstrlenA
GlobalFree
GlobalUnlock
lstrlenW
CompareFileTime
GetCurrentProcessId
SetFileTime
GetCommandLineW
WritePrivateProfileStringW
lstrcpynW
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetModuleHandleW
UnmapViewOfFile
GetTempPathW
CreateProcessW
Sleep
SHGetFolderPathW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
PathCombineW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
SetWindowPos
SendMessageTimeoutW
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
SetWindowTextW
CharUpperW
DialogBoxParamW
AppendMenuW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
RegisterClassW
DispatchMessageW
GetAsyncKeyState
BeginPaint
CreatePopupMenu
CheckDlgButton
SendMessageW
SetClipboardData
wsprintfW
IsWindowVisible
DestroyWindow
GetClassInfoW
SetTimer
GetDlgItem
SetForegroundWindow
SystemParametersInfoW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
CreateDialogParamW
wsprintfA
CharNextW
CallWindowProcW
TrackPopupMenu
GetDC
FillRect
IsDlgButtonChecked
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
FindWindowExW
CreateWindowExW
GetWindowLongW
CloseClipboard
GetClientRect
DrawTextW
SetCursor
ExitWindowsEx
OpenClipboard
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpSendRequestA
InternetConnectW
HttpOpenRequestA
InternetCloseHandle
HttpQueryInfoA
InternetOpenW
CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize
Number of PE resources by type
RT_DIALOG 20
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 27
PE resources
ExifTool file metadata
LegalTrademarks
Dropbox is a trademark of Dropbox, Inc.

UninitializedDataSize
2048

LinkerVersion
9.0

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
3.4.3.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
ASCII

InitializedDataSize
158720

EntryPoint
0x3b11

MIMEType
application/octet-stream

LegalCopyright
Dropbox, Inc.

FileVersion
3.4.3

TimeStamp
2015:03:04 22:44:03+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

FileDescription
Dropbox 3.4.3 Installer

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Dropbox, Inc.

CodeSize
32768

ProductName
Dropbox

ProductVersionNumber
3.4.3.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 543b4e8dafbb0a59a7aef8e36ce95979
SHA1 a2f8e7e8589c079c5477ab0f08bd558393d0bdde
SHA256 b2176cd3fa29e7ed60ca823210b47e2c36343fc6e3b59ad00f61269062fbc930
ssdeep
6144:ak7MfTi6kyCpW85G3BIfzw4EVNlTXg0QvkqPcmFRcW88:ak7WkyCTU3irD4ljXQvkqkmn

authentihash 7a189026a85631339c252e516df8675e87df67257fa8ebb60f71252b794d2fe6
imphash 6d7ffe65c9c2ad7c109c5e2f28d1b7ef
File size 347.9 KB ( 356232 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
nsis peexe signed overlay

VirusTotal metadata
First submission 2015-12-16 18:49:08 UTC ( 3 years, 1 month ago )
Last submission 2015-12-18 17:53:06 UTC ( 3 years, 1 month ago )
File names DropboxInstaller.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
DNS requests
TCP connections