OneDriveStandaloneUpdater[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

OneDriveStandaloneUpdater.exe
Size

4.0MB
MD5

54908fe07285f37a49c18390a0f24f98
SHA1

35f29691b9b0e1b9810bd6d88fa8260a894553ea
SHA256

c2aa57ddd2b62d281f886bc2d41f076d40297d7f51438ee10d69b971254b0163
SHA512

330e635745c84fb1915562642016270058e4da47e1fb19f055a044253dfb95a99eea942d04dfe452c162b99c4f1ded291eba07e4b0541357860b10dc6d61f2de
SSDEEP

49152:/+UjWEOMwoikUgZeJFXr4WDtCzozkjRXSyMc8A5fx:TWPXbSCyMcpx

Score

N/A

Malware Config

Signatures

Files

OneDriveStandaloneUpdater.exe
.exe windows x64

399638001d18f5e9f3527e7c878c625c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindNextFileW
FindClose
CompareFileTime
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
SetStdHandle
GetStringTypeW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadFile
ReadConsoleW
WriteConsoleW
VerSetConditionMask
LoadLibraryExW
MoveFileExW
IsWow64Process
ExpandEnvironmentStringsW
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
GetFileSize
CreateFileW
LocalFree
LocalAlloc
OpenMutexW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileW
GetTickCount64
GetVolumePathNameW
Sleep
GetCommandLineW
GetModuleHandleExW
FreeLibrary
GetEnvironmentVariableW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
Process32NextW
CloseHandle
LeaveCriticalSection
EnterCriticalSection
RaiseException
OutputDebugStringW
IsDebuggerPresent
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessW
GetProductInfo
RtlUnwind
LoadLibraryExA
VirtualQuery
VirtualProtect
InitializeCriticalSection
HeapCreate
GetDiskFreeSpaceW
LockFile
GetFullPathNameA
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
LoadLibraryA
DeleteFileA
GetSystemInfo
HeapCompact
UnlockFile
MapViewOfFile
GetSystemPowerStatus
GetModuleFileNameA
OutputDebugStringA
CompareStringEx
LCMapStringEx
DecodePointer
InitOnceExecuteOnce
CreateHardLinkW
AreFileApisANSI
SetEndOfFile
GetCurrentDirectoryW
GetLocaleInfoEx
AcquireSRWLockShared
ReleaseSRWLockShared
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetNativeSystemInfo
GetExitCodeThread
SwitchToThread
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
FormatMessageA
QueryPerformanceFrequency
GlobalFree
ReadProcessMemory
SetThreadInformation
GetSystemTimes
InitializeCriticalSectionAndSpinCount
VerifyVersionInfoW
DeleteFileW
GetSystemTime
CreateDirectoryW
GetFullPathNameW
GetTempFileNameW
RemoveDirectoryW
SetFileTime
GetTempPathW
CopyFileW
SystemTimeToFileTime
LockFileEx
UnlockFileEx
DeviceIoControl
LoadLibraryW
WerRegisterFile
WerUnregisterFile
GetTickCount
K32GetModuleFileNameExW
WaitForSingleObject
WaitForMultipleObjects
QueueUserWorkItem
CreateMutexW
GetVersionExW
MoveFileW
GetUserDefaultLocaleName
GetComputerNameW
ReleaseMutex
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetLongPathNameW
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
GetCompressedFileSizeW
FindFirstFileNameW
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ReadDirectoryChangesW
CreateSymbolicLinkW
CompareStringOrdinal
GetUserGeoID
GetPrivateProfileStringW
WritePrivateProfileStringW
SetDllDirectoryW
ReplaceFileW
RegisterApplicationRestart
GetFileInformationByHandleEx
OpenFileById
GetProcessTimes
GetExitCodeProcess
SetProcessShutdownParameters

user32

SystemParametersInfoW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterClassW
GetWindowThreadProcessId
DestroyWindow
ShowWindow
SendMessageTimeoutW
PostThreadMessageW
PostQuitMessage
GetClassNameW
CreateWindowExW
PostMessageW
EnumWindows

oleaut32

SysAllocStringLen
SysFreeString
SysAllocString
SysStringLen
SetErrorInfo
GetErrorInfo
GetRecordInfoFromTypeInfo
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
LoadRegTypeLi
LoadTypeLi
VarBstrCmp
VariantChangeType

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

shlwapi

SHCreateStreamOnFileW
PathIsDirectoryW
PathRemoveFileSpecW
SHCreateStreamOnFileEx
PathIsRelativeW
PathFindFileNameW
PathStripPathW
SHGetValueW
SHDeleteKeyW
SHDeleteValueW
SHGetValueA
SHSetValueW
SHRegGetValueW
SHRegGetPathW
SHRegGetBoolUSValueW
AssocQueryStringW
StrStrIW
PathIsPrefixW
ord219
PathFileExistsW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

userenv

GetProfileType
GetDefaultUserProfileDirectoryW
CreateEnvironmentBlock

advapi32

RegGetValueA
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
CreateProcessAsUserW
CreateProcessWithTokenW
SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfigW
DeleteService
CreateServiceW
ControlService
ChangeServiceConfig2W
ChangeServiceConfigW
RegDeleteTreeW
LookupPrivilegeValueW
SetEntriesInAclW
SetNamedSecurityInfoW
ImpersonateLoggedOnUser
RevertToSelf
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetKeyValueW
RegGetValueW
LookupAccountNameW
CryptDestroyKey
CryptSetHashParam
CryptImportKey
CreateWellKnownSid
DuplicateTokenEx
GetAclInformation
RegCreateKeyTransactedW
RegDeleteKeyExW
RegEnumKeyW
RegLoadKeyW
RegUnLoadKeyW
ConvertSidToStringSidW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
GetTokenInformation
OpenProcessToken
RegOpenKeyExW
GetUserNameW
EventWriteTransfer
EventUnregister
EventRegister

shell32

SHLoadNonloadedIconOverlayIdentifiers
SHSetKnownFolderPath
SHCreateItemFromParsingName
SHGetKnownFolderPath
SHAssocEnumHandlers
SHParseDisplayName
SHFileOperationW
SHChangeNotify
ord526
ShellExecuteExW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetFolderPathW
SHGetFolderPathAndSubDirW

ole32

CoSetProxyBlanket
CoInitialize
CreateBindCtx
StringFromCLSID
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoTaskMemFree
GetRunningObjectTable
CreateItemMoniker
CoCreateGuid
CoUninitialize
CoInitializeEx
CLSIDFromString
CoCreateFreeThreadedMarshaler

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetCredentials
WinHttpSetOption
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl

rstrtmgr

RmGetList
RmEndSession
RmRegisterResources
RmStartSession

wintrust

WinVerifyTrustEx
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSQueryUserToken

bcrypt

BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptSetProperty

crypt32

CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptBinaryToStringW
CryptStringToBinaryW

rpcrt4

RpcBindingSetAuthInfoExW
RpcServerUnregisterIf
RpcServerRegisterIfEx
RpcServerInqBindings
RpcStringBindingComposeW
RpcBindingVectorFree
RpcEpRegisterW
RpcEpUnregister
RpcServerUseProtseqW
UuidToStringW
RpcServerInqCallAttributesW
RpcBindingFromStringBindingW
RpcBindingFree
RpcExceptionFilter
RpcStringFreeW

secur32

GetUserNameExW

urlmon

URLOpenStreamW

wininet

HttpSendRequestW
HttpQueryInfoA
InternetCheckConnectionW
InternetConnectA
InternetCrackUrlA
InternetOpenW
InternetCloseHandle
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetStatusCallbackW
InternetQueryOptionW
InternetReadFile

ws2_32

htonl
send
htons
socket
WSAStartup
WSAGetLastError
closesocket
listen
accept
setsockopt
bind

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 849KB - Virtual size: 848KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 111KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

399638001d18f5e9f3527e7c878c625c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

ntdll

shlwapi

version

userenv

advapi32

shell32

ole32

winhttp

rstrtmgr

wintrust

wtsapi32

bcrypt

crypt32

rpcrt4

secur32

urlmon

wininet

ws2_32

iphlpapi

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 849KB - Virtual size: 848KB

.data Size: 111KB - Virtual size: 128KB

.pdata Size: 115KB - Virtual size: 115KB

.didat Size: 512B - Virtual size: 72B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 849KB - Virtual size: 848KB

.data
Size: 111KB - Virtual size: 128KB

.pdata
Size: 115KB - Virtual size: 115KB

.didat
Size: 512B - Virtual size: 72B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 20KB - Virtual size: 19KB