» onedrive.exe
Overview
Analysis
File Details
Behaviors (1)

onedrive.exe

Microsoft SQL Server

Microsoft Corporation

SQL Server Setup SXS Custom Action Library is part of the Microsoft SQL Server database platform. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘OneDrive’.

File name:

onedrive.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft SQL Server

Description:

SQL Server Setup SXS Custom Action Library

Version:

2007.0100.1600.022 ((SQL_PreRelease).080709-1414 )

MD5:

543712edb158bdda1c9c82e17ad4e9ad

SHA-1:

29ff4de106ad124ebc14726eb74774644c947c2b

SHA-256:

33d625c1f9d7f092604489e8423eb4e181c534610205899d90dcfc4ce7cf2b92

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/20/2024 2:13:56 AM UTC (today)

File size:

538.2 KB (551,112 bytes)

Product version:

10.0.1600.22

Trademarks:

Microsoft SQL Server is a registered trademark of Microsoft Corporation.

Original file name:

sqlsxsca.dll

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\onedrive\onedrive.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

8/23/2007 12:23:13 AM

Valid to:

2/23/2009 12:33:13 AM

Subject:

CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

610F784D000000000003

File PE Metadata

Compilation timestamp:

7/9/2008 6:50:48 PM

OS version:

6.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:wnq3aNmAhkz6olIpVFVZTJjOg3PvAZL6HsFZRIeCjtY18GOa:wq3SmAhkz6olIpVRxOg3Pv4L6HsFZ5CS

Entry address:

0x2B670

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 83, FA, 01, 49, 8B, F8, 8B, DA, 48, 8B, F1, 75, 05, E8, 33, B6, FE, FF, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 73, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 6C, 24, 10, 48, 89, 74, 24, 18, 48, 89, 7C, 24, 20, 41, 54, 48, 83, EC, 20, 49, 8B, 59, 38, 48, 8B, F2, 4D, 8B, E0, 48, 8B, E9, 4C, 8D, 43, 04, 49, 8B, D1, 48, 8B... 
[+]

Entropy:

6.0755

Code size:

485.5 KB (497,152 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

OneDrive

Command:

"C:\users\{user}\appdata\local\microsoft\onedrive\onedrive.exe" \background

Scan onedrive.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.