Property | Value |
---|---|
File Name | A74C1985D541E302ACF7EB49887E7137C35E3237 |
File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
SHA1 | 0c13ace5116c5fc0ba3be8d06caa4f68463ec1ee |
MD5 | f1d8a2a0e4c25e7db06e4f975d9ce8ce |
First Seen Date | 2018-04-23 16:35:18.298250 |
Number of Clients Seen | 3 |
Last Analysis Date | 2018-04-23 16:35:18.298250 |
Human Expert Analysis Date | 2018-04-23 18:35:23.950760 |
Human Expert Analysis Result | Malware |

Property | Value |
---|---|
magic literal enum | 3 |
file type enum | 6 |
debug artifacts | PDB path mi_exe_stub.pdb, GUID {da9b22c7-8e67-4f49-9c4e-7d27a2360109}, timestamp 2017-01-13 19:55:44 |
number of sections | 5 |
trid | Win32 Executable MS Visual C++ (generic) 67.4%; Win32 Dynamic Link Library (generic) 14.2%; Win32 Executable (generic) 9.7%; Generic Win/DOS Executable 4.3%; DOS Executable Generic 4.3% |
compilation time stamp | 0x587930C0 [Fri Jan 13 19:55:44 2017 UTC] |
LegalCopyright | Copyright: Dropbox, Inc. 2015 (Omaha Copyright Google Inc.) |
InternalName | Dropbox Update Setup |
FileVersion | 1.3.65.1 |
CompanyName | Dropbox, Inc. |
LanguageId | en |
ProductName | Dropbox Update |
ProductVersion | 1.3.65.1 |
FileDescription | Dropbox Update Setup |
OriginalFilename | DropboxUpdateSetup.exe |
Translation | 0x0409 0x04b0 |
entry point | 0x404aac (.text) |
machine type | Intel 386 or later - 32Bit |
file size | 699362 |
ssdeep | 12288:z/iSuVAsiFPybsPTRy0uYBKGpXh9ng6m/YDfO/ayupX4ecZvmH03AE:z/iRLiF6Y7RwYBXh9ngfAD2/0poLV+Gh |
sha256 | 677ad16e8f80b7a9022b312b74aa2cf1057341a05e8c4952ef818bc073ce739f |
exifinfo | EXE:FileSubtype=0; File:FilePermissions=rw-r--r--; SourceFile=/nfs/fvs/valkyrie_shared/core/valkyrie_files/0/c/1/3/0c13ace5116c5fc0ba3be8d06caa4f68463ec1ee; EXE:OriginalFileName=DropboxUpdateSetup.exe; EXE:ProductName=Dropbox Update; EXE:InternalName=Dropbox Update Setup; File:MIMEType=application/octet-stream; File:FileAccessDate=2018:04:23 16:34:38+00:00; EXE:InitializedDataSize=626176; File:FileModifyDate=2018:04:23 16:34:38+00:00; EXE:FileVersionNumber=1.3.65.1; EXE:FileVersion=1.3.65.1; File:FileSize=683 kB; EXE:CharacterSet=Unicode; EXE:MachineType=Intel 386 or later, and compatibles; EXE:FileOS=Windows NT 32-bit; EXE:ProductVersion=1.3.65.1; EXE:ObjectFileType=Executable application; File:FileType=Win32 EXE; EXE:CompanyName=Dropbox, Inc.; File:FileName=0c13ace5116c5fc0ba3be8d06caa4f68463ec1ee; EXE:ImageVersion=0.0; EXE:LanguageId=en; File:FileTypeExtension=exe; EXE:OSVersion=5.0; EXE:PEType=PE32; EXE:TimeStamp=2017:01:13 19:55:44+00:00; EXE:FileFlagsMask=0x003f; EXE:LegalCopyright=Copyright: Dropbox, Inc. 2015 (Omaha Copyright Google Inc.); EXE:LinkerVersion=9.0; EXE:FileFlags=(none); EXE:Subsystem=Windows GUI; File:Directory=/nfs/fvs/valkyrie_shared/core/valkyrie_files/0/c/1/3; EXE:FileDescription=Dropbox Update Setup; EXE:EntryPoint=0x4aac; EXE:SubsystemVersion=5.0; EXE:CodeSize=48128; File:FileInodeChangeDate=2018:04:23 16:34:38+00:00; EXE:UninitializedDataSize=0; EXE:LanguageCode=English (U.S.); ExifTool:ExifToolVersion=10.1; EXE:ProductVersionNumber=1.3.65.1 |
mime type | application/x-dosexec |
imphash | 959c9df12e2ee961f3fcecfec5f9b8d1 |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|
.text | 0x1000 | 0xbac2 | 0xbc00 | 6.67150253549 | 21c3add426a813db165efd2aba2e0b1a |
.rdata | 0xd000 | 0x2a62 | 0x2c00 | 5.40445554324 | c0fd823401c140af007dbce2a6d4a243 |
.data | 0x10000 | 0x191c | 0xe00 | 2.47997444427 | e6e7837972cb681f94abd93319824caa |
.rsrc | 0x12000 | 0x93c9c | 0x93e00 | 7.94258401945 | 48b5820f630239be05c51f89f01b154f |
.reloc | 0xa6000 | 0x150c | 0x1600 | 3.82527315923 | bb2ddca32513472b20628c4e21629288 |
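The Entropy column above is Shannon entropy in bits per byte over the raw section bytes. `.text` at 6.67 is ordinary compiled code; `.rsrc` at 7.94 sits just under the 8.0 ceiling, which is what compressed or encrypted data looks like and matches the LZMA-compressed resource stored in that section (resource `B` in the resource list). The following is an added example, not the analysis platform's code, showing how that figure is computed and how a sliding window localizes the high-entropy blob inside a section. The section bytes and the entropy bands are constructed for illustration; the thresholds are this example's assumptions, not a standard.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform),
    the same scale as the Entropy column in the section table."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_entropy(entropy: float) -> str:
    """Rule-of-thumb bands (assumed thresholds, not a standard)."""
    if entropy >= 7.2:
        return "compressed/encrypted/packed"
    if entropy >= 6.0:
        return "native code or mixed data"
    return "plain data/text"


def high_entropy_runs(data: bytes, window: int = 1024, threshold: float = 7.2):
    """Slide a fixed window over the section and merge adjacent windows whose
    entropy is at or above the threshold into (start, end) byte ranges."""
    runs = []
    for off in range(0, len(data), window):
        chunk = data[off:off + window]
        if shannon_entropy(chunk) >= threshold:
            end = off + len(chunk)
            if runs and runs[-1][1] == off:
                runs[-1] = (runs[-1][0], end)  # extend the previous run
            else:
                runs.append((off, end))
    return runs


def build_sample_section() -> bytes:
    """Constructed stand-in for a .rsrc-like section: readable strings, then a
    seeded pseudo-random blob standing in for a compressed payload, then zero
    padding. Deterministic so the numbers are reproducible."""
    rng = random.Random(2017)
    text = (b"This program cannot be run in DOS mode.\r\n" * 64)[:2048]
    blob = bytes(rng.getrandbits(8) for _ in range(4096))
    padding = bytes(2048)
    return text + blob + padding


def analyse_section(data: bytes) -> dict:
    """Whole-section entropy plus the byte ranges that drive it up."""
    e = shannon_entropy(data)
    return {
        "entropy": round(e, 5),
        "class": classify_entropy(e),
        "runs": high_entropy_runs(data),
    }


if __name__ == "__main__":
    result = analyse_section(build_sample_section())
    print(f"section entropy {result['entropy']} -> {result['class']}")
    for start, end in result["runs"]:
        print(f"high-entropy region at 0x{start:x}-0x{end:x} ({end - start} bytes)")
```

Whole-section entropy alone can hide a payload (the constructed section averages out to the mixed band), which is why the windowed pass is the one that actually points at the blob to carve.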
KERNEL32.dll
- GetProcAddress
- ExitProcess
- WriteFile
- GetStdHandle
- GetModuleFileNameA
- FreeEnvironmentStringsA
- GetEnvironmentStrings
- FreeEnvironmentStringsW
- WideCharToMultiByte
- GetLastError
- GetEnvironmentStringsW
- SetHandleCount
- GetFileType
- DeleteCriticalSection
- TlsGetValue
- TlsAlloc
- TlsSetValue
- TlsFree
- InterlockedIncrement
- SetLastError
- GetCurrentThreadId
- InterlockedDecrement
- HeapCreate
- HeapDestroy
- VirtualFree
- HeapFree
- QueryPerformanceCounter
- GetTickCount
- GetCurrentProcessId
- GetSystemTimeAsFileTime
- LeaveCriticalSection
- EnterCriticalSection
- TerminateProcess
- Sleep
- UnhandledExceptionFilter
- IsDebuggerPresent
- LoadLibraryA
- InitializeCriticalSectionAndSpinCount
- GetCPInfo
- GetACP
- GetOEMCP
- IsValidCodePage
- HeapAlloc
- VirtualAlloc
- HeapReAlloc
- RtlUnwind
- HeapSize
- GetLocaleInfoA
- LCMapStringA
- MultiByteToWideChar
- LCMapStringW
- GetStringTypeA
- GetStringTypeW
- GetProcessHeap
- InitializeCriticalSection
- GetModuleHandleW
- SetUnhandledExceptionFilter
- GetStartupInfoA
- GetCurrentProcess
- GetCommandLineA
- GetTempFileNameW
- FindResourceExW
- FindResourceW
- LoadResource
- VerSetConditionMask
- SetFilePointerEx
- CreateDirectoryW
- SizeofResource
- FormatMessageW
- GetVersionExW
- GetModuleFileNameW
- CreateFileW
- lstrlenW
- GetTempPathW
- RaiseException
- VerifyVersionInfoW
- Process32FirstW
- LockResource
- RemoveDirectoryW
- Process32NextW
- CreateToolhelp32Snapshot
- CloseHandle
- DeleteFileW
- LocalFree
- CreateProcessW
- WaitForSingleObject
- GetExitCodeProcess
- GetStartupInfoW
- MapViewOfFile
- UnmapViewOfFile
- VirtualQuery
- CreateFileMappingW
- SetFilePointer
- ReadFile
SHLWAPI.dll
- PathQuoteSpacesW
ADVAPI32.dll
- OpenServiceW
- OpenSCManagerW
- CloseServiceHandle
- QueryServiceStatusEx
ole32.dll
- CoUninitialize
- CoInitializeEx
USER32.dll
- wvsprintfW
- CharLowerBuffW
- MessageBoxW
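The imphash reported above (959c9df12e2ee961f3fcecfec5f9b8d1) is the MD5 of this import table flattened into a canonical string. Builds from the same source with the same linker share it even when MD5/SHA1 differ, which makes it a useful pivot for finding related samples. The following is an added example, not Valkyrie's or pefile's code, that reproduces the normalisation pefile applies to named imports (lowercase, strip `.dll`/`.ocx`/`.sys`, `lib.func`, comma-joined in import-directory order, MD5) over a constructed subset of the list above. Ordinal-only imports, which pefile maps through a lookup table, are deliberately out of scope since none appear here. If the full list above preserves import-table order, feeding it in should reproduce the reported value.

```python
import hashlib

# Library suffixes stripped before hashing, as in pefile's get_imphash().
_STRIPPED_EXTS = ("dll", "ocx", "sys")


def imphash_string(imports) -> str:
    """Flatten an import table into the canonical 'lib.func,lib.func,...' string.

    `imports` is a list of (dll_name, [function_name, ...]) pairs in
    import-directory order; order is part of the hash.
    """
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in _STRIPPED_EXTS:
            lib = base
        for func in funcs:
            if not isinstance(func, str):
                raise ValueError("ordinal-only imports are out of scope for this example")
            parts.append(f"{lib}.{func.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the flattened import string, lowercase hex."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# Constructed subset of the sample's import table (first entries of each DLL above).
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", ["GetProcAddress", "ExitProcess", "WriteFile"]),
    ("SHLWAPI.dll", ["PathQuoteSpacesW"]),
    ("ADVAPI32.dll", ["OpenServiceW", "OpenSCManagerW"]),
    ("ole32.dll", ["CoUninitialize", "CoInitializeEx"]),
    ("USER32.dll", ["wvsprintfW", "CharLowerBuffW", "MessageBoxW"]),
]


def reordered(imports):
    """Same imports with the DLL order reversed: same API surface, different imphash."""
    return list(reversed(imports))


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash:          ", imphash(SAMPLE_IMPORTS))
    print("reordered imphash:", imphash(reordered(SAMPLE_IMPORTS)))
```

Because the order of import descriptors is part of the input, two binaries importing exactly the same functions from the same DLLs can still have different imphashes; treat a match as strong evidence of a shared build, and a mismatch as weak evidence of anything.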
Lang | Name | Offset | Size | Type | SHA256 |
---|---|---|---|---|---|
LANG_NEUTRAL | B | 74904 | 561753 | LZMA compressed data, non-streamed, size 3135478 | 4129d9a4f96c86e29bcd83f45599129ce693b4464a03ca0ac8e30a8b084bc7a6 |
LANG_NEUTRAL | GOOGLEUPDATE | 636660 | 4 | data | 67abdd721024f0ff4e0b3f4c2fc13bc5bad42d0b7851d456d88d203d15aaa450 |
LANG_ENGLISH | RT_ICON | 636664 | 1320 | GLS_BINARY_LSB_FIRST | aa15cbe0c34485cc3bf56f8ff9e660cda329e621859a8d63286d2ccfb93a8d08 |
LANG_ENGLISH | RT_ICON | 637984 | 5160 | dBase IV DBT of @.DBF, block length 5120, next free block index 40, next free block 0, next used block 0 | 698dea7755175a4111cfe5e2e5bee6ded2b1544fb22bcbd4137872007a92e85d |
LANG_ENGLISH | RT_ICON | 643144 | 11560 | data | f62b037921c27db308990ec27ba9a9287c0b8b1562478ac3da3e7652e9fed30a |
LANG_ENGLISH | RT_ICON | 654704 | 12186 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | 8b8d91d20611febc78b432c7d72908ca381171ddaf05bcf3197c4d790e0a067c |
LANG_CHINESE | RT_STRING | 666892 | 274 | data | 547f6dda905f5d42fd834295879213990ca0a1986ea504b1271878a81f40a9bf |
LANG_DANISH | RT_STRING | 667168 | 538 | data | 1b7e5393f5368099a9f0caa0845468608b83070e397b4d6cf1ee68c619d3f69c |
LANG_GERMAN | RT_STRING | 667708 | 596 | data | 6adefb1585ef13026e71f3fbded4f9e620a46f0936c66fa5e1035f30b7ae5a73 |
LANG_ENGLISH | RT_STRING | 668304 | 422 | data | 1ff4babc697229f5e2eac814228e9f5af3381e7626ab2bd7f3328d92b34191e1 |
LANG_FRENCH | RT_STRING | 668728 | 714 | data | 04b11f06c5cd333974df4d1780e2da9f75f4bd7950e5b048a787f6cd2187cda1 |
LANG_ITALIAN | RT_STRING | 669444 | 538 | data | 03d7da87c37f069dfcb7cff48b0c1acb68d3d4fa3a59835923505c667878e4e5 |
LANG_JAPANESE | RT_STRING | 669984 | 348 | data | 457eebbe606749eadf0ab1bbf05de975c024d7622ebcf116e0f010944c624017 |
LANG_KOREAN | RT_STRING | 670332 | 344 | data | 808abda0443a9e446623dd3ae09ceb8c8c8ca9d6334c2f58d5ae7fe8fb66d097 |
LANG_DUTCH | RT_STRING | 670676 | 560 | data | 333fc974a4edb251c74c15968091de2bb26b6ff23723369bcf35d5b1f24285f9 |
LANG_NORWEGIAN | RT_STRING | 671236 | 526 | data | 63a6a706486c4672a50eee6f5fe8e301d65f90a011a4c44eb72b4c19b536d4cd |
LANG_POLISH | RT_STRING | 671764 | 558 | data | 32d56168e0e8c803719368ca2e2c6cd8955a2dc152bc67630e0c16dd17b0b884 |
LANG_PORTUGUESE | RT_STRING | 672324 | 510 | data | a237ecc0ccf6561825d64009741b5a8d9a98119072149f923cfdf271f90588c2 |
LANG_RUSSIAN | RT_STRING | 672836 | 596 | data | badfad8dd14c1b74dbf1afbe3b884c490b4b9d3e512ef1929aa3d988a5471f1b |
LANG_SWEDISH | RT_STRING | 673432 | 538 | data | 0463adf8e4c4e918a3638b23b30376a754b47badc002db1ef74f90e9fad22017 |
LANG_THAI | RT_STRING | 673972 | 472 | data | e7aa199b16360ca9de0e4e7a9a1c1adb4d78c2532fab41f42c27616354268e78 |
LANG_INDONESIAN | RT_STRING | 674444 | 516 | data | bba01278b25392a894f0e3c60dd79b4b5d85d8f6aaf11d55a3eaa13c7e4a2c4a |
LANG_UKRAINIAN | RT_STRING | 674960 | 522 | data | 429bc067868eb1f6a72cb313eb038a902a45eb791f6af2db1faebb902c3a26b3 |
LANG_MALAY | RT_STRING | 675484 | 464 | data | 00049702ad9b88c8c2ec3af1a581d07426eb7907e0482011f478c5cb49bccecb |
LANG_CHINESE | RT_STRING | 675948 | 278 | data | 8ea270bc53f5da3a294cb6b6f96ebd4d9e25a295040252199a32917caabb8379 |
LANG_SPANISH | RT_STRING | 676228 | 602 | data | f5620e9ec531d9dc17ca4bda7ae7ffa38394bc94d73bc78754f3d6361ec0b611 |
LANG_SPANISH | RT_STRING | 676832 | 540 | data | deaeda8830e40fcf7e3da9799c9cc056dda5498eb100333f6b2609bf4ebbc66d |
LANG_ENGLISH | RT_GROUP_ICON | 677372 | 62 | MS Windows icon resource - 4 icons, 16x16 | 8817eafd6b4cc5ccc9c3e0a663793537047cc70f1107cabefa6cf036fd033a20 |
LANG_ENGLISH | RT_VERSION | 677436 | 892 | data | f7dbd758050b3833550c80360a361e6232e35a7991b5736bcc1d2c3b51509ae7 |
LANG_NEUTRAL | RT_MANIFEST | 678328 | 738 | XML 1.0 document, ASCII text | 89578403db056c3e309c1e6615864e5947209b60ffe08a7b05cbed9b8f309d85 |
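Resource `B` is reported as `LZMA compressed data, non-streamed, size 3135478` with a raw size of 561753 bytes. `file` reads that from the 13-byte LZMA-alone (`.lzma`) header: a properties byte, a 32-bit dictionary size and a 64-bit uncompressed size, where anything other than all-0xFF in the size field means "non-streamed". A resource named `B` holding an LZMA payload, together with the `mi_exe_stub.pdb` debug path and the Omaha copyright, is consistent with an Omaha-style meta-installer stub, so the decompressed resource is the payload an analyst actually needs to look at. The declared size is attacker-controlled and must not drive an allocation on its own. The following is an added example, not code from the page or from Omaha, that parses the header the way `file` describes it and decompresses with an output bound. The properties byte and dictionary size in the constructed header are assumptions (the page reports only the size); the round-trip sample is generated inline with Python's `lzma` module, whose LZMA-alone encoder writes an unknown size, which exercises the "streamed" branch.

```python
import lzma
import struct

LZMA_ALONE_HEADER_LEN = 13  # props (1) + dict_size (4, LE) + uncompressed_size (8, LE)
LZMA_UNKNOWN_SIZE = 0xFFFFFFFFFFFFFFFF

# Values the resource table reports for resource "B"; only these two come from the page.
REPORTED_B_RAW_SIZE = 561753
REPORTED_B_UNCOMPRESSED_SIZE = 3135478


def parse_lzma_alone_header(blob: bytes) -> dict:
    """Decode the LZMA-alone header (the fields `file` uses to print
    'size N' or 'streamed'). Raises ValueError for anything that cannot be one."""
    if len(blob) < LZMA_ALONE_HEADER_LEN:
        raise ValueError("too short for an LZMA-alone header")
    props, dict_size, usize = struct.unpack("<BIQ", blob[:LZMA_ALONE_HEADER_LEN])
    if props > 224:  # largest encodable lc/lp/pb combination is (4*5+4)*9+8
        raise ValueError(f"invalid properties byte 0x{props:02x}")
    lc, rest = props % 9, props // 9
    lp, pb = rest % 5, rest // 5
    return {
        "lc": lc, "lp": lp, "pb": pb,
        "dict_size": dict_size,
        "uncompressed_size": None if usize == LZMA_UNKNOWN_SIZE else usize,
        "streamed": usize == LZMA_UNKNOWN_SIZE,
    }


def describe(blob: bytes) -> str:
    """Mimic the `file` wording used in the resource table."""
    h = parse_lzma_alone_header(blob)
    if h["streamed"]:
        return "LZMA compressed data, streamed"
    return f"LZMA compressed data, non-streamed, size {h['uncompressed_size']}"


def bounded_decompress(blob: bytes, max_out: int) -> bytes:
    """Decompress an LZMA-alone blob without trusting the declared size:
    reject an oversize declaration up front, then cap the real output as well,
    because a streamed blob declares nothing and a hostile header can lie."""
    h = parse_lzma_alone_header(blob)
    if h["uncompressed_size"] is not None and h["uncompressed_size"] > max_out:
        raise ValueError(f"declared size {h['uncompressed_size']} exceeds limit {max_out}")
    dec = lzma.LZMADecompressor(format=lzma.FORMAT_ALONE)
    out = dec.decompress(blob, max_length=max_out + 1)
    if len(out) > max_out:
        raise ValueError(f"output exceeds limit {max_out}")
    if not dec.eof:
        raise ValueError("truncated or incomplete LZMA stream")
    return out


def constructed_b_header() -> bytes:
    """Header carrying the size `file` reported for resource B. The properties
    byte (lc=3, lp=0, pb=2 -> 0x5D) and 8 MiB dictionary are assumed, not from the page."""
    return struct.pack("<BIQ", 0x5D, 8 << 20, REPORTED_B_UNCOMPRESSED_SIZE)


def sample_payload() -> bytes:
    """Constructed stand-in for an embedded installer: PE-like prefix plus filler."""
    return b"MZ" + bytes(2048) + b"This program cannot be run in DOS mode.\r\n" * 200


def sample_blob() -> bytes:
    """LZMA-alone stream produced in-process; liblzma writes an unknown size here."""
    return lzma.compress(sample_payload(), format=lzma.FORMAT_ALONE)


if __name__ == "__main__":
    print(describe(constructed_b_header()))
    blob = sample_blob()
    print(describe(blob), "->", len(bounded_decompress(blob, 1 << 20)), "bytes")
```

Once the 561753 bytes at offset 74904 have been carved from the file, `bounded_decompress` with a limit somewhat above the declared 3135478 bytes yields the payload to hash and analyse; the ratio of roughly 5.6:1 between declared and raw size is ordinary for LZMA over an installer archive, whereas a ratio in the hundreds or thousands is a decompression-bomb warning sign.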