onedrive[.]updated[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

onedrive.updated.exe
Size

4.7MB
MD5

a1670c38632ef92883eb6c57fb5f46ed
SHA1

760225427be0ac51a55b0dbbe940c842b1c71b9f
SHA256

1b5b6a176580c369f0e10411918fcdd8c32052a2d3af3f594f4c3e3971b5bb21
SHA512

430d764f25d8e9e76686e4f5c732e5db539d81091d3c67597e768014ca345278fd52b113e36e84e64790bd3d69f583b113620ef383ba72c17bf7b1d403db29a3
SSDEEP

98304:/K0lLmml1PWpiSzZSXRn7+d0iGPav5E8XKoqw:/KWLmmlFeiWEn7+dlGWiB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
onedrive.updated.exe

Files

onedrive.updated.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Odz0w
Size: 4.1MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

I4dR0
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4pzTk
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

krmqy
Size: 495KB - Virtual size: 494KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xyC4h
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

uMHca
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ