OneDrive.exe
First submission 2024-10-17 00:44:02
File details
| File type: | PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 1303.0 KB (1334272 bytes) |
| Compile time: | 2024-10-11 05:10:35 |
| MD5: | 1b99f0bf9216a89b8320e63cbd18a292 |
| SHA1: | 6a199cb43cb4f808183918ddb6eadc760f7cb680 |
| SHA256: | 5275e3db6276e5f0b85eff0c7b0282f56268646766b1566ba8f797e6ba2a9357 |
| Sections 2 | .text��� .rsrc��� |
| Directories 1 | resource |
File features detected
Anti VM
Signed
XOR
OSINT Enrichments
| Virus Total: | 38/77 VT report date: 2024-10-12 20:36:57 |
| Malware Type 2 | trojan downloader |
| Threat Type 3 | msil xworm bladabindi |
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://185.215.113.16/inc/OneDrive.exe  |
185.215.113.16 |
2024-10-17 00:44:02 |
PE Sections 1 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x2000 | 0x12c030 | 1229312 | 27bb6830b0a09548e8b8c493ebfb79c684d48d92 | aecf885cfb371c9a43cd3a3fcabc7c41 | |
| .rsrc��� | 0x130000 | 0x197e8 | 104448 | 697d5ce5ff4493d628bcacb31763733fd796962d | 96195d2a7624cfa8a92b097ef35eba39 |
PE Resources 4
| Name | Language | Sublanguage | Offset | Size | Data |
|---|---|---|---|---|---|
| RT_ICON | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x148e1c | 1128 | |
| RT_GROUP_ICON | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x149284 | 90 | |
| RT_VERSION | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x1492e0 | 796 | |
| RT_MANIFEST | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x1495fc | 490 |
Meta infos 12
| LegalCopyright: | Copyright \xa9 2022 |
| Assembly Version: | 1.0.0.0 |
| InternalName: | OneDrive.exe |
| FileVersion: | 1.0.0.0 |
| CompanyName: | |
| LegalTrademarks: | |
| Comments: | |
| ProductName: | OneDrive |
| ProductVersion: | 1.0.0.0 |
| FileDescription: | OneDrive |
| Translation: | 0x0000 0x04b0 |
| OriginalFilename: | OneDrive.exe |
Packers detected 2
| Microsoft Visual C++ vx.x DLL |
| Microsoft Visual C++ v6.0 |