» installdropbox.exe
Overview
Analysis
File Details
Downloads (1)

installdropbox.exe

The application installdropbox.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from downloader2.downloadinfo.co a web site host known to distribute potentially unwanted software operated by Downloadinfo.

File name:

installdropbox.exe

MD5:

50897e3af2fa2e4af8721e25c7d19d07

SHA-1:

86713c17ca16d29da567b60a95b60d8d36d33b0b

SHA-256:

586891246b193e94de8490cd4304aa520f3d2388d5c21f2a618b033ef0feedb9

Scanner detections:

17 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/25/2024 11:47:03 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.InstallCore

7.1.1

avast!

Win32:Malware-gen

151028-1

AVG

Adware InstallCore.WH

2015.0.4460

Comodo Security

Application.Win32.InstallCore.KAU

23669

Dr.Web

Adware.InstallCore.133

9.0.1.05190

ESET NOD32

Win32/InstallCore.BY potentially unwanted application

7.0.302.0

F-Prot

W32/A-dbe1ec51

v6.4.7.1.166

K7 AntiVirus

Adware

13.212.17996

Malwarebytes

PUP.Optional.InstallCore

v2015.11.27.11

Microsoft Security Essentials

Threat.Undefined

1.211.1116.0

NANO AntiVirus

Riskware.Win32.InstallCore.dimzfh

0.30.26.4751

Qihoo 360 Security

QVM20.1.Malware.Gen

1.0.0.1077

Quick Heal

PUA.Quickdownl.Gen

11.15.14.00

Sophos

PUA 'Install Core'

5.15

Total Defense

Win32/InstallCore.A!generic

37.1.62.1

Vba32 AntiVirus

Downware.InstallCore

3.12.26.4

VIPRE Antivirus

Threat.4786018

45208

File size:

639.6 KB (654,960 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Common path:

C:\users\{user}\downloads\installdropbox.exe

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:QyMJfsG0f8Qe7AHvVhDiA1/NG4mYegrgqBjszwIAkr6s7N4l4r6ds:QyMJfsbTe7crf1oLhghBjsznAkrZ7xss

Entry address:

0x98CC

Entry point:

55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8... 
[+]

Entropy:

7.8194

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

36 KB (36,864 bytes)

The file installdropbox.exe has been seen being distributed by the following URL.

http://downloader2.downloadinfo.co/download.php?id=d5cda77352c277a028ee255f7e5c489691770fb1&z=0&p=eyJweSI6ImRpIiwicnMiOiJnb29nbGUiLCJydCI6InNlYXJjaCIsImMiOiJ1cyIsIm8iOiJ3aW43IiwiYiI6ImNoMzEiLCJ1X2lkIjoiZGlfNTJhN2I0OWYzZDA0YzQuNDExMjAyOTUiLCJwYV9pZCI6IjAiLCJzdF9pZCI6IjAiLCJzcF9pZCI6IjAwMDAtMDAwMCIsInRzIjoxMzg2NzIyNDgxLCJrdyI6ImZyZWUgZHJvcGJveGRvd25sb2FkIiwiY3UiOiJkcm9wYm94IGRvd25sb2FkIiwiY2EiOm51bGx9

Remove installdropbox.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.