OneDriveUpdate.exe

First submission 2022-08-03 10:18:02

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows
File size: 384.0 KB (393216 bytes)
Compile time: 2022-07-09 12:19:20
MD5: 797c11df23ab1ee9b72cc85803e0aa90
SHA1: 41ec187cd17ee0f34ec0356b8419575eaa38bbd8
SHA256: 50276571b60c05a68976baa27cf72ee5e5099e4528104281b7fbc8626ece0360
Import Hash: e07d5b7cbc0bb851691e27f13758b2a0
Sections 6 .text .rdata .data .pdata .rsrc .reloc
Directories 3 import resource relocation
Virus Total: 19/70 VT report date: 2022-07-25 19:35:51

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 2

URL Host (FQDN/IP) Date Added
hXXp://146.70.24.168/load/OneDriveUpdate.exe 146.70.24.168 2022-08-03 10:18:02
hXXps://dexpsystem.com/load/OneDriveUpdate.exe dexpsystem.com 2022-08-03 10:46:07

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x9058 37376 3f5f76dde42f0f465fc99065b1aa9fc7cc1bcdc8 3ca896d2b5bd276d8f4a84d3eb4dffe5
.rdata 0xb000 0x2994 10752 0889f13f8925c2540c69508d62291da2ea32d9dc 02a064bd1142e4433c9e882c303e83ce
.data 0xe000 0x54198 339968 92febcaa82263c7e4ceb163c5d9e63decd784e01 16d3b4d0c4395324b6b77cc7f32a5a50
.pdata 0x63000 0x6c0 2048 496e6020a26311fd2851a778efe6d189802dff4d 6860e195424ceffc13483e170b407784
.rsrc 0x64000 0x1b4 512 50db0f0302b60587135944fcabc415b04dff6909 dd03df27c412a441383fd4fa8b3e3dc1
.reloc 0x65000 0x5f0 1536 4d00f072e3b788fe197e32aa1aea72fb934f150d ec10e2d866af83cebe47b1aede40796b

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x64058 346

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 4

GetLastError
IsDebuggerPresent
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
USER32.dll
mscoree.dll
KERNEL32.dll

Import functions