Property | Value |
---|---|
File Name: | 73cc3a2d9846e4a98158e080cf58190d249796de85f334859ad89fd9cec293f7.exe |
File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
SHA1: | 04da8b89c7390f01818a0a5cb9a7f4ef368607b7 |
MD5: | 6953452ad7d9e8a32b59afc707b11147 |
First Seen Date: | 2023-08-10 18:16:54.992163 |
Number of Clients Seen: | 3 |
Last Analysis Date: | 2023-08-10 18:16:54.992163 |
Human Expert Analysis Result: | No human expert analysis verdict given to this sample yet. |
Property | Value |
---|---|
magic literal enum | 3 |
file type enum | 6 |
debug artifacts | Path: mi_exe_stub.pdb; GUID: {47be1a06-c467-4ddb-afcb-3aa6e2e29ee8}; timestamp: 2023-04-07 00:28:48 |
number of sections | 5 |
trid | 42.2% Win32 Executable MS Visual C++ (generic); 37.3% Win64 Executable (generic); 8.8% Win32 Dynamic Link Library (generic); 6.0% Win32 Executable (generic); 2.7% Generic Win/DOS Executable |
compilation time stamp | 0x642F63C0 [Fri Apr 7 00:28:48 2023 UTC] |
LegalCopyright | Copyright: Dropbox, Inc. 2015 (Omaha Copyright Google Inc.) |
InternalName | Dropbox Update Setup |
FileVersion | 1.3.761.1 |
CompanyName | Dropbox, Inc. |
LanguageId | en |
ProductName | Dropbox Update |
ProductVersion | 1.3.761.1 |
FileDescription | Dropbox Update Setup |
OriginalFilename | DropboxUpdateSetup.exe |
Translation | 0x0409 0x04b0 |
entry point | 0x404c96 (.text) |
machine type | Intel 386 or later - 32Bit |
file size | 788872 |
ssdeep | 24576:O7eit0t9EsyC1XS64DbvYwdzv1n4WwwS6u3sK:O7eimfEsr1X/4wwbn4Wpi |
sha256 | 73cc3a2d9846e4a98158e080cf58190d249796de85f334859ad89fd9cec293f7 |
mime type | application/x-dosexec |
imphash | 958c2a9b1453bda1d16ee4d06228bab6 |
File Path on Client | Seen Count |
---|---|
04da8b89c7390f01818a0a5cb9a7f4ef368607b7 | 1 |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|
.text | 0x1000 | 0xbcb2 | 0xbe00 | 6.6652747181 | 3860778f5779efc8591c093e44085a1f |
.rdata | 0xd000 | 0x2ae4 | 0x2c00 | 5.4368053299 | 95e296e5c8c6376cccbd9404ba2bcb2c |
.data | 0x10000 | 0x191c | 0xe00 | 2.48258261615 | b021e5ad7a13cc5ffe4115f9f8e19471 |
.rsrc | 0x12000 | 0xaccd8 | 0xace00 | 7.95159280819 | 86030499f0e052bec9937f032ecaaf0a |
.reloc | 0xbf000 | 0x1530 | 0x1600 | 3.86610822062 | a1cf57f9dbfb3eaf67c2f3aee2cd0bdc |
KERNEL32.dll
- GetProcAddress
- ExitProcess
- WriteFile
- GetStdHandle
- GetModuleFileNameA
- FreeEnvironmentStringsA
- GetEnvironmentStrings
- FreeEnvironmentStringsW
- WideCharToMultiByte
- GetLastError
- GetEnvironmentStringsW
- SetHandleCount
- GetFileType
- DeleteCriticalSection
- TlsGetValue
- TlsAlloc
- TlsSetValue
- TlsFree
- InterlockedIncrement
- SetLastError
- GetCurrentThreadId
- InterlockedDecrement
- HeapCreate
- HeapDestroy
- VirtualFree
- HeapFree
- QueryPerformanceCounter
- GetTickCount
- GetCurrentProcessId
- GetSystemTimeAsFileTime
- LeaveCriticalSection
- EnterCriticalSection
- TerminateProcess
- Sleep
- UnhandledExceptionFilter
- IsDebuggerPresent
- LoadLibraryA
- InitializeCriticalSectionAndSpinCount
- GetCPInfo
- GetACP
- GetOEMCP
- IsValidCodePage
- HeapAlloc
- VirtualAlloc
- HeapReAlloc
- RtlUnwind
- HeapSize
- GetLocaleInfoA
- LCMapStringA
- MultiByteToWideChar
- LCMapStringW
- GetStringTypeA
- GetStringTypeW
- GetProcessHeap
- InitializeCriticalSection
- ReadFile
- GetModuleHandleW
- SetUnhandledExceptionFilter
- GetStartupInfoA
- GetCurrentProcess
- GetCommandLineA
- GetTempFileNameW
- FindResourceExW
- FindResourceW
- LoadResource
- VerSetConditionMask
- SetFilePointerEx
- CreateDirectoryW
- SizeofResource
- FormatMessageW
- GetVersionExW
- GetModuleFileNameW
- CreateFileW
- lstrlenW
- GetTempPathW
- RaiseException
- VerifyVersionInfoW
- Process32FirstW
- LockResource
- RemoveDirectoryW
- Process32NextW
- CreateToolhelp32Snapshot
- CloseHandle
- DeleteFileW
- LocalFree
- CreateProcessW
- WaitForSingleObject
- GetExitCodeProcess
- GetStartupInfoW
- MapViewOfFile
- UnmapViewOfFile
- VirtualQuery
- CreateFileMappingW
- SetFilePointer
SHLWAPI.dll
- PathAppendW
- PathQuoteSpacesW
ADVAPI32.dll
- OpenServiceW
- OpenSCManagerW
- CloseServiceHandle
- QueryServiceStatusEx
ole32.dll
- CoUninitialize
- CoInitializeEx
SHELL32.dll
- None
- SHGetFolderPathW
USER32.dll
- wvsprintfW
- CharLowerBuffW
- MessageBoxW