Windows Analysis Report
OneDriveUpdater.exe

Overview

General Information

Sample name: OneDriveUpdater.exe
Analysis ID: 1467919
MD5: 792e95b64b9cf45ac8bc10d4d0f077c2
SHA1: e50af7ee7e0a323d8aa60b6d9b3d39ab33b004f5
SHA256: 60e64dd2c6d2ac6fe9b498fadac81bc34a725de5d893e7df8b2728d8dc5b192d

Detection

Score: 0
Range: 0 - 100
Whitelisted: true
Confidence: 100%

Signatures

Contains functionality to check if a connection to the internet is available
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4110E98 CryptAcquireContextW,CryptCreateHash,CryptGetHashParam,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptDestroyHash,CryptReleaseContext, 0_2_00007FF7C4110E98
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4120034 _invalid_parameter_noinfo,CryptAcquireContextW,GetLastError,CryptImportKey,GetLastError,CryptCreateHash,GetLastError,CryptSetHashParam,GetLastError,CryptHashData,GetLastError,CryptHashData,GetLastError,CryptGetHashParam,GetLastError,CryptDestroyHash,CryptDestroyKey,CryptReleaseContext, 0_2_00007FF7C4120034
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4113C64 _Aligned_get_default_resource,CryptBinaryToStringW,CryptBinaryToStringW,CryptStringToBinaryW,_Aligned_get_default_resource,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 0_2_00007FF7C4113C64
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40B8874 BCryptDestroyKey,_invalid_parameter_noinfo_noreturn, 0_2_00007FF7C40B8874
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C42D0F3C CryptCreateHash,GetLastError,CreateFileW,GetFileSize,CreateFileMappingW,MapViewOfFile,CryptHashData,GetLastError,CryptGetHashParam,CryptGetHashParam,UnmapViewOfFile,CryptDestroyHash,CloseHandle,CloseHandle,CloseHandle, 0_2_00007FF7C42D0F3C
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C42D0C78 CryptReleaseContext, 0_2_00007FF7C42D0C78
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C42D0CD4 CryptStringToBinaryW,GetLastError,CryptStringToBinaryW,CryptStringToBinaryW,CryptStringToBinaryW, 0_2_00007FF7C42D0CD4
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C42D11CC CryptBinaryToStringW,CryptBinaryToStringW,GetLastError, 0_2_00007FF7C42D11CC
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C42D1338 CryptBinaryToStringW,CryptBinaryToStringW,GetLastError, 0_2_00007FF7C42D1338
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C42D14A4 CryptAcquireContextW,GetLastError, 0_2_00007FF7C42D14A4
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4092050 CryptDestroyHash, 0_2_00007FF7C4092050
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40920B4 CryptGetHashParam,GetLastError,CryptGetHashParam,_invalid_parameter_noinfo,CryptDestroyHash, 0_2_00007FF7C40920B4
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40921A4 CryptCreateHash,GetLastError, 0_2_00007FF7C40921A4
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40921F0 CryptAcquireContextW, 0_2_00007FF7C40921F0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4092220 CryptReleaseContext, 0_2_00007FF7C4092220
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C409224C CryptHashData,GetLastError, 0_2_00007FF7C409224C
Source: OneDriveUpdater.exe Static PE information: certificate valid
Source: OneDriveUpdater.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\dbs\sh\odct\0417_205450_0\client\onedrive\Product\StandaloneUpdater\exe\obj\amd64\OneDriveStandaloneUpdater.pdbT source: OneDriveUpdater.exe
Source: Binary string: D:\dbs\sh\odct\0417_205450_0\client\onedrive\Product\StandaloneUpdater\exe\obj\amd64\OneDriveStandaloneUpdater.pdb source: OneDriveUpdater.exe
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4030EC4 FindFirstFileW,GetLastError,FindNextFileW,GetLastError,FindClose, 0_2_00007FF7C4030EC4
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C406521C FindFirstFileW,GetLastError,FindNextFileW,GetLastError,CompareFileTime,DeleteFileW,GetLastError,FindClose, 0_2_00007FF7C406521C
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C403125C FindFirstFileW,GetLastError,FindNextFileW,GetLastError,FindClose, 0_2_00007FF7C403125C
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C407ACC0 FindFirstFileW,FindNextFileW,FindClose, 0_2_00007FF7C407ACC0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40A91B4 GetTempPathW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose, 0_2_00007FF7C40A91B4
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C410DFF8 FindFirstFileW,FindClose,DeleteFileW,GetLastError, 0_2_00007FF7C410DFF8
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4122020 FindFirstFileNameW, 0_2_00007FF7C4122020
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4122080 FindFirstFileW, 0_2_00007FF7C4122080
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4051A80 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_00007FF7C4051A80
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C414E934 FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError, 0_2_00007FF7C414E934
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C412F9D0 FindFirstFileW, 0_2_00007FF7C412F9D0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4122A30 InternetCheckConnectionW, 0_2_00007FF7C4122A30
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93717000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://clients.config.office.net/collector/v1.0/inventoryodbc:December
Source: OneDriveUpdater.exe, 00000000.00000003.2037954027.000001BB9545A000.00000004.00000020.00020000.00000000.sdmp, OneDriveUpdater.exe, 00000000.00000003.2038396854.000001BB9553B000.00000004.00000020.00020000.00000000.sdmp, OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93717000.00000004.00000020.00020000.00000000.sdmp, OneDriveUpdater.exe, 00000000.00000003.2038736188.000001BB95499000.00000004.00000020.00020000.00000000.sdmp, OneDriveUpdater.exe, 00000000.00000003.2038342311.000001BB9548A000.00000004.00000020.00020000.00000000.sdmp, OneDriveUpdater.exe, 00000000.00000003.2038946928.000001BB9553D000.00000004.00000020.00020000.00000000.sdmp, OneDriveUpdater.exe, 00000000.00000003.2038314047.000001BB95465000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: OneDriveUpdater.exe String found in binary or memory: https://dc.services.visualstudio.com/v2/track
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/1rewlive5skydrive/MsitFastV2
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/1rewlive5skydrive/MsitSlowV2
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/1rewlive5skydrive/ODSUEnterpriseV2
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/1rewlive5skydrive/ODSUEnterpriseV2https://g.live.com/1rewlive5skydrive/ODSUMsitFa
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/1rewlive5skydrive/ODSUInsiderV2
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/1rewlive5skydrive/ODSUMsitFastV2
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/1rewlive5skydrive/ODSUMsitSlowV2
Source: StandaloneUpdater-2024-07-04.2340.7252.1.aodl.0.dr, StandaloneUpdate_2024-07-04_234035_7252-7256.log.0.dr String found in binary or memory: https://g.live.com/1rewlive5skydrive/ODSUProductionV2
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/1rewlive5skydrive/OSRSS_32bit
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/1rewlive5skydrive/OSRSS_32bithttps://g.live.com/1rewlive5skydrive/OSRSS_64bit%loc
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/1rewlive5skydrive/OSRSS_64bit
Source: OneDriveUpdater.exe, 00000000.00000002.2899076468.000001BB954C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/1rewlive5skydrive/One
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveEnterpriseV2
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveInsiderV2
Source: StandaloneUpdater-2024-07-04.2340.7252.1.aodl.0.dr, StandaloneUpdate_2024-07-04_234035_7252-7256.log.0.dr String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93717000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2ember:Dec:December
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93717000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2ember:Dec:Decemberd$hh0
Source: OneDriveUpdater.exe, 00000000.00000002.2899076468.000001BB954C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/1rewlive5skydrive/Onee
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/1rewlive5skydrive/win7
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/1rewlive5skydrive/win8
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/1rewlive5skydrive/win81
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/1rewlive5skydrive/win81https://g.live.com/1rewlive5skydrive/win8https://g.live.co
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/odclientsettings/Enterprise
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB936C8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/Enterprise%l
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93717000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/EnterpriseG?Bi
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/odclientsettings/Enterprisehttps://g.live.com/odclientsettings/MsitFasthttps://g.
Source: OneDriveUpdater.exe, OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93717000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/Insiders
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB936C8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/Insidersl
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/odclientsettings/MsitFast
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93717000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/MsitFast:?
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB936C8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/MsitFastl
Source: OneDriveUpdater.exe String found in binary or memory: https://g.live.com/odclientsettings/MsitSlow
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93717000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/MsitSlow#?
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB936C8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/MsitSlowl
Source: StandaloneUpdate_2024-07-04_234035_7252-7256.log.0.dr String found in binary or memory: https://g.live.com/odclientsettings/Prod
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93717000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/Prodonfig
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB936C8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/Prods
Source: OneDriveUpdater.exe, 00000000.00000002.2899300327.000001BB95800000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.
Source: OneDriveUpdater.exe, OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB936EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms
Source: OneDriveUpdater.exe, 00000000.00000002.2899300327.000001BB95800000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Ig
Source: OneDriveUpdater.exe, 00000000.00000002.2899300327.000001BB95800000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Install
Source: OneDriveUpdater.exe, 00000000.00000002.2899300327.000001BB95800000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.1
Source: StandaloneUpdater-2024-07-04.2340.7252.1.aodl.0.dr, Update.xml.0.dr, Update.xml0.0.dr String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.116.0609.0005/OneDriveSetup.exe
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB936EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.116.0609.0005/OneDriveSetup.exen
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB936EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.116.0609.0005/OneDriveSetup.exes.
Source: StandaloneUpdater-2024-07-04.2340.7252.1.aodl.0.dr, Update.xml.0.dr, Update.xml0.0.dr String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.116.0609.0005/amd64/OneDriveSetup.exe
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93717000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.116.0609.0005/amd64/OneDriveSetup.exes
Source: StandaloneUpdater-2024-07-04.2340.7252.1.aodl.0.dr, Update.xml.0.dr, Update.xml0.0.dr String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.116.0609.0005/arm64/OneDriveSetup.exe
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93717000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.116.0609.0005/arm64/OneDriveSetup.exeb-
Source: StandaloneUpdater-2024-07-04.2340.7252.1.aodl.0.dr, Update.xml0.0.dr String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.126.0623.0001/OneDriveSetup.exe
Source: StandaloneUpdater-2024-07-04.2340.7252.1.aodl.0.dr, Update.xml0.0.dr String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.126.0623.0001/amd64/OneDriveSetup.exe
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93717000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.126.0623.0001/amd64/OneDriveSetup.exerday
Source: StandaloneUpdater-2024-07-04.2340.7252.1.aodl.0.dr, Update.xml0.0.dr String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.126.0623.0001/arm64/OneDriveSetup.exe
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93717000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.126.0623.0001/arm64/OneDriveSetup.exes
Source: StandaloneUpdater-2024-07-04.2340.7252.1.aodl.0.dr, Update.xml0.0.dr String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.128.0625.0001/OneDriveSetup.exe
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB936EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.128.0625.0001/OneDriveSetup.exenes
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93762000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.128.0625.0001/amd64/O
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93762000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.128.0625.0001/amd64/ODi
Source: StandaloneUpdater-2024-07-04.2340.7252.1.aodl.0.dr, Update.xml0.0.dr, StandaloneUpdate_2024-07-04_234035_7252-7256.log.0.dr String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.128.0625.0001/amd64/OneDriveSetup.exe
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93708000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.128.0625.0001/amd64/OneDriveSetup.exe?OneDriveUpdate=1d5c
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93708000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.128.0625.0001/amd64/OneDriveSetup.exees
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93717000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.128.0625.0001/amd64/OneDriveSetup.exerday~-
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93717000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.128.0625.0001/amd64/OneDriveSetup.exes
Source: StandaloneUpdater-2024-07-04.2340.7252.1.aodl.0.dr, Update.xml0.0.dr String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.128.0625.0001/arm64/OneDriveSetup.exe
Source: OneDriveUpdater.exe, 00000000.00000002.2897803199.000001BB93717000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.128.0625.0001/arm64/OneDriveSetup.exes
Source: OneDriveUpdater.exe, 00000000.00000002.2899300327.000001BB95800000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/24.1O
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C407B214: CreateFileW,DeviceIoControl,DeviceIoControl,FindCloseChangeNotification, 0_2_00007FF7C407B214
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4121F10 DeleteService, 0_2_00007FF7C4121F10
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4121CA0 CreateProcessAsUserW, 0_2_00007FF7C4121CA0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40B6140 0_2_00007FF7C40B6140
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C41EA21C 0_2_00007FF7C41EA21C
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C41BA2DC 0_2_00007FF7C41BA2DC
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4016354 0_2_00007FF7C4016354
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C405E35C 0_2_00007FF7C405E35C
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C411E410 0_2_00007FF7C411E410
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C415A3DC 0_2_00007FF7C415A3DC
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40C6480 0_2_00007FF7C40C6480
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C406ED48 0_2_00007FF7C406ED48
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C404ADB4 0_2_00007FF7C404ADB4
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4016E90 0_2_00007FF7C4016E90
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C405EF21 0_2_00007FF7C405EF21
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40AEF60 0_2_00007FF7C40AEF60
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C405EFAB 0_2_00007FF7C405EFAB
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C404AF9C 0_2_00007FF7C404AF9C
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4156FD0 0_2_00007FF7C4156FD0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C406F050 0_2_00007FF7C406F050
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C416F06C 0_2_00007FF7C416F06C
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C415B0C4 0_2_00007FF7C415B0C4
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C42C3108 0_2_00007FF7C42C3108
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40E3110 0_2_00007FF7C40E3110
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40B6958 0_2_00007FF7C40B6958
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C405A9E8 0_2_00007FF7C405A9E8
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40DA65C 0_2_00007FF7C40DA65C
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C404A9E0 0_2_00007FF7C404A9E0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C405EA30 0_2_00007FF7C405EA30
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4156A80 0_2_00007FF7C4156A80
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4006A80 0_2_00007FF7C4006A80
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4072B3C 0_2_00007FF7C4072B3C
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C404ABC8 0_2_00007FF7C404ABC8
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C403EC48 0_2_00007FF7C403EC48
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C405B538 0_2_00007FF7C405B538
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C410F56C 0_2_00007FF7C410F56C
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C42C3600 0_2_00007FF7C42C3600
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4137610 0_2_00007FF7C4137610
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C41135EC 0_2_00007FF7C41135EC
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40476CC 0_2_00007FF7C40476CC
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40DB6DC 0_2_00007FF7C40DB6DC
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4133734 0_2_00007FF7C4133734
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C406F7AC 0_2_00007FF7C406F7AC
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C41A77FC 0_2_00007FF7C41A77FC
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C416B7F0 0_2_00007FF7C416B7F0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40AF824 0_2_00007FF7C40AF824
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4167850 0_2_00007FF7C4167850
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C42B78D0 0_2_00007FF7C42B78D0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C414B8C8 0_2_00007FF7C414B8C8
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C404B188 0_2_00007FF7C404B188
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40971C0 0_2_00007FF7C40971C0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40BB1C4 0_2_00007FF7C40BB1C4
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C401F1E8 0_2_00007FF7C401F1E8
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40FB254 0_2_00007FF7C40FB254
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C405B2BC 0_2_00007FF7C405B2BC
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C411B2F4 0_2_00007FF7C411B2F4
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C404B370 0_2_00007FF7C404B370
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4117400 0_2_00007FF7C4117400
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C42BB474 0_2_00007FF7C42BB474
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40A7D2D 0_2_00007FF7C40A7D2D
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C418FD2C 0_2_00007FF7C418FD2C
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C41E3DD0 0_2_00007FF7C41E3DD0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4117E78 0_2_00007FF7C4117E78
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4133EC0 0_2_00007FF7C4133EC0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40FBEF4 0_2_00007FF7C40FBEF4
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C414FF28 0_2_00007FF7C414FF28
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C415BF88 0_2_00007FF7C415BF88
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4057930 0_2_00007FF7C4057930
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C419F920 0_2_00007FF7C419F920
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C41539C4 0_2_00007FF7C41539C4
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C408F9C8 0_2_00007FF7C408F9C8
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C42CF9A4 0_2_00007FF7C42CF9A4
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4197A68 0_2_00007FF7C4197A68
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: String function: 00007FF7C4065BC0 appears 95 times
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: String function: 00007FF7C40649A8 appears 39 times
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: String function: 00007FF7C40387F8 appears 40 times
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: String function: 00007FF7C4064448 appears 63 times
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: String function: 00007FF7C4019D08 appears 64 times
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: String function: 00007FF7C40198B4 appears 690 times
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: String function: 00007FF7C4174970 appears 43 times
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: String function: 00007FF7C40381A4 appears 55 times
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: String function: 00007FF7C40A3E8C appears 39 times
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: String function: 00007FF7C402C7D8 appears 57 times
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: String function: 00007FF7C40D9714 appears 31 times
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: String function: 00007FF7C402E8B8 appears 205 times
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: String function: 00007FF7C4019D98 appears 33 times
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: String function: 00007FF7C4175F64 appears 181 times
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: String function: 00007FF7C4079000 appears 39 times
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: String function: 00007FF7C40765D4 appears 112 times
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: String function: 00007FF7C401B4E4 appears 950 times
Source: OneDriveUpdater.exe Binary or memory string: OriginalFilename vs OneDriveUpdater.exe
Source: OneDriveUpdater.exe Binary or memory string: \StringFileInfo\%04x%04x\OriginalFilename vs OneDriveUpdater.exe
Source: OneDriveUpdater.exe, 00000000.00000002.2900692178.00007FF7C4401000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameOneDriveStandaloneUpdater.exeF vs OneDriveUpdater.exe
Source: OneDriveUpdater.exe, 00000000.00000002.2898735011.000001BB95403000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameWinWord.exeB vs OneDriveUpdater.exe
Source: OneDriveUpdater.exe Binary or memory string: OriginalFilenameOneDriveStandaloneUpdater.exeF vs OneDriveUpdater.exe
Source: classification engine Classification label: clean6.winEXE@1/6@0/0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4121670 AdjustTokenPrivileges, 0_2_00007FF7C4121670
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4117230 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,CloseHandle,GetLastError,AdjustTokenPrivileges,GetLastError,CloseHandle, 0_2_00007FF7C4117230
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40C74A0 LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,GetLastError, 0_2_00007FF7C40C74A0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C41221B0 GetDiskFreeSpaceExW, 0_2_00007FF7C41221B0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: CreateServiceW, 0_2_00007FF7C4121DA0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4139C30 CreateToolhelp32Snapshot,Process32FirstW,FindCloseChangeNotification, 0_2_00007FF7C4139C30
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4105810 CoCreateInstance, 0_2_00007FF7C4105810
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4121910 ChangeServiceConfig2W, 0_2_00007FF7C4121910
Source: C:\Users\user\Desktop\OneDriveUpdater.exe File created: C:\Users\user\AppData\Local\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2024-07-04.2340.7252.1.aodl
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Mutant created: \Sessions\1\BaseNamedObjects\FileSyncClientUpdaterNamedMutex
Source: C:\Users\user\Desktop\OneDriveUpdater.exe File created: C:\Users\user\AppData\Local\Temp\wctC1D2.tmp
Source: OneDriveUpdater.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\OneDriveUpdater.exe File read: C:\Users\user\AppData\Local\Microsoft\OneDrive\logs\Common\DeviceHealthSummaryConfiguration.ini
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: OneDriveUpdater.exe, 00000000.00000002.2900445177.00007FF7C43C3000.00000008.00000001.01000000.00000003.sdmp, OneDriveUpdater.exe, 00000000.00000000.1645667013.00007FF7C43BF000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: OneDriveUpdater.exe, 00000000.00000002.2900445177.00007FF7C43C3000.00000008.00000001.01000000.00000003.sdmp, OneDriveUpdater.exe, 00000000.00000000.1645667013.00007FF7C43BF000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: OneDriveUpdater.exe, 00000000.00000002.2900445177.00007FF7C43C3000.00000008.00000001.01000000.00000003.sdmp, OneDriveUpdater.exe, 00000000.00000000.1645667013.00007FF7C43BF000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: OneDriveUpdater.exe, 00000000.00000002.2900445177.00007FF7C43C3000.00000008.00000001.01000000.00000003.sdmp, OneDriveUpdater.exe, 00000000.00000000.1645667013.00007FF7C43BF000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: rstrtmgr.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: bitsproxy.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: wofutil.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Section loaded: msxml6.dll
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CE34C0D-0DC9-4C1F-897C-DAA1B78CEE7C}\InProcServer32
Source: C:\Users\user\Desktop\OneDriveUpdater.exe File written: C:\Users\user\AppData\Local\Microsoft\OneDrive\logs\Common\DeviceHealthSummaryConfiguration.ini
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Office\ClickToRun\Configuration
Source: OneDriveUpdater.exe Static PE information: certificate valid
Source: initial sample Static PE information: Valid certificate with Microsoft Issuer
Source: OneDriveUpdater.exe Static PE information: More than 248 > 100 exports found
Source: OneDriveUpdater.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: OneDriveUpdater.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: OneDriveUpdater.exe Static file information: File size 4200864 > 1048576
Source: OneDriveUpdater.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2e7a00
Source: OneDriveUpdater.exe Static PE information: More than 200 imports for KERNEL32.dll
Source: OneDriveUpdater.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: OneDriveUpdater.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: OneDriveUpdater.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: OneDriveUpdater.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: OneDriveUpdater.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: OneDriveUpdater.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: OneDriveUpdater.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\dbs\sh\odct\0417_205450_0\client\onedrive\Product\StandaloneUpdater\exe\obj\amd64\OneDriveStandaloneUpdater.pdbT source: OneDriveUpdater.exe
Source: Binary string: D:\dbs\sh\odct\0417_205450_0\client\onedrive\Product\StandaloneUpdater\exe\obj\amd64\OneDriveStandaloneUpdater.pdb source: OneDriveUpdater.exe
Source: OneDriveUpdater.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: OneDriveUpdater.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: OneDriveUpdater.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: OneDriveUpdater.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: OneDriveUpdater.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C41241D0 OpenProcess,GetLastError,LoadLibraryW,GetProcAddress,FreeLibrary,GetLastError,ReadProcessMemory,GetLastError,ReadProcessMemory,GetLastError,ReadProcessMemory,GetLastError,CloseHandle, 0_2_00007FF7C41241D0
Source: OneDriveUpdater.exe Static PE information: section name: .didat
Source: OneDriveUpdater.exe Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C412E481 push rax; ret 0_2_00007FF7C412E483
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C414F332 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_00007FF7C414F332
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4030EC4 FindFirstFileW,GetLastError,FindNextFileW,GetLastError,FindClose, 0_2_00007FF7C4030EC4
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C406521C FindFirstFileW,GetLastError,FindNextFileW,GetLastError,CompareFileTime,DeleteFileW,GetLastError,FindClose, 0_2_00007FF7C406521C
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C403125C FindFirstFileW,GetLastError,FindNextFileW,GetLastError,FindClose, 0_2_00007FF7C403125C
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C407ACC0 FindFirstFileW,FindNextFileW,FindClose, 0_2_00007FF7C407ACC0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40A91B4 GetTempPathW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose, 0_2_00007FF7C40A91B4
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C410DFF8 FindFirstFileW,FindClose,DeleteFileW,GetLastError, 0_2_00007FF7C410DFF8
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4122020 FindFirstFileNameW, 0_2_00007FF7C4122020
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4122080 FindFirstFileW, 0_2_00007FF7C4122080
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4051A80 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_00007FF7C4051A80
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C414E934 FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError, 0_2_00007FF7C414E934
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C412F9D0 FindFirstFileW, 0_2_00007FF7C412F9D0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4038BBC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7C4038BBC
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C419580C GetProcessHeap,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 0_2_00007FF7C419580C
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4038DA0 SetUnhandledExceptionFilter, 0_2_00007FF7C4038DA0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4038FC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF7C4038FC4
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40465BC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7C40465BC
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C41216B0 AllocateAndInitializeSid, 0_2_00007FF7C41216B0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4063FF0 cpuid 0_2_00007FF7C4063FF0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: GetLocaleInfoEx, 0_2_00007FF7C414F1B8
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: GetLocaleInfoW, 0_2_00007FF7C40585E0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_00007FF7C4058738
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: GetLocaleInfoW, 0_2_00007FF7C40587E8
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_00007FF7C4058914
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: EnumSystemLocalesW, 0_2_00007FF7C4058228
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: EnumSystemLocalesW, 0_2_00007FF7C40582F8
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_00007FF7C4058390
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: EnumSystemLocalesW, 0_2_00007FF7C40533C4
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, 0_2_00007FF7C4057ED8
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: GetLocaleInfoW, 0_2_00007FF7C4053960
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C40648E8 GetSystemTime,EnterCriticalSection,LeaveCriticalSection, 0_2_00007FF7C40648E8
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4120880 LookupAccountNameW,LookupAccountNameW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 0_2_00007FF7C4120880
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C41930C8 GetTimeZoneInformation, 0_2_00007FF7C41930C8
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C411B8FC _Aligned_get_default_resource,_invalid_parameter_noinfo_noreturn,GetVersionExW,RegGetValueW, 0_2_00007FF7C411B8FC
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C410D754 CreateBindCtx, 0_2_00007FF7C410D754
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4082CD0 socket,htons,htonl,bind,setsockopt,listen,closesocket, 0_2_00007FF7C4082CD0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C41235C0 RpcBindingFromStringBindingW, 0_2_00007FF7C41235C0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C41235D0 RpcBindingSetAuthInfoExW, 0_2_00007FF7C41235D0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C41235B0 RpcBindingFree, 0_2_00007FF7C41235B0
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4123620 RpcBindingVectorFree, 0_2_00007FF7C4123620
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4123670 RpcServerInqBindings, 0_2_00007FF7C4123670
Source: C:\Users\user\Desktop\OneDriveUpdater.exe Code function: 0_2_00007FF7C4123710 RpcStringBindingComposeW, 0_2_00007FF7C4123710
No contacted IP infos