» OneDriveSetup.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Downloads (49)

OneDriveSetup.exe

Windows Live

Microsoft Corporation

This is a setup and installation application. This is the uninstaller utility registered in the Windows Control Panel for the program Microsoft OneDrive by Microsoft Corporation. This is installed with Microsoft OneDrive. The file has been seen being downloaded from go.microsoft.com and multiple other hosts.

File name:

OneDriveSetup.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Windows Live

Description:

Microsoft OneDrive Setup

Version:

17.3.5860.0512

MD5:

b0dc4162d258c923c09f1252c711f518

SHA-1:

7d4f02fc100373744a351e88846e01ddd4144a12

SHA-256:

8545a43a1fc4b4149320b039b0fbefdbef1ed8df054bf82d5637e34f0c8c7f33

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

4/27/2024 3:21:04 AM UTC (today)

File size:

7.3 MB (7,676,608 bytes)

Product version:

17.3.5860.0512

Original file name:

OneDriveSetup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\onedrive\update\onedrivesetup.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

4/23/2014 3:39:00 AM

Valid to:

7/23/2015 3:39:00 AM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

33000000CA6CD5321235C4E1550001000000CA

File PE Metadata

Compilation timestamp:

5/12/2015 5:28:45 PM

OS version:

6.2

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

196608:3WcHAhcCbwAPyGqG/GUPXkvgL3U6mw24niYV0oheGGv+sxqdbZnvbonz:1QxwwsMGUPXEqk6mB2f0oYZv+5dGz

Entry address:

0x227B0

Entry point:

E8, 58, 38, 00, 00, E9, 81, FE, FF, FF, CC, CC, CC, CC, CC, E9, F6, 3C, 00, 00, CC, CC, CC, CC, CC, FF, 35, 10, 75, 4B, 00, FF, 15, F4, D2, 4B, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, B9, 2F, 00, 00, 6A, 01, 6A, 00, E8, 0C, 3D, 00, 00, 83, C4, 0C, E9, 28, 3D, 00, 00, CC, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, E0, 3F, 00, 00, 59, 85, C0, 74, 0F, FF, 75, 08, E8, 3C, 3F, 00, 00, 59, 85, C0, 74, E6, C9, C3, 6A, 01, 8D, 45, FC, 50, 8D, 4D, F0, C7, 45, FC, 50, 14, 40, 00, E8, AA, 25, 00... 
[+]

Entropy:

7.8649 (probably packed)

Code size:

705.5 KB (722,432 bytes)

Program Uninstaller

Program name:

Microsoft OneDrive

Display publisher:

Microsoft Corporation

Display version:

17.3.5860.0512

Uninstall string:

C:\users\{user}\appdata\local\microsoft\onedrive\17.3.5860.0512\onedrivesetup.exe \uninstall

The file OneDriveSetup.exe has been discovered within the following program.

Microsoft OneDrive by Microsoft Corporation

OneDrive is a file hosting service that allows users to upload and sync files to a cloud storage and then access them from a Web browser or their local device.

onedrive.live.com/about/en-us

6% remove it

The file OneDriveSetup.exe has been seen being distributed by the following 49 URLs.

http://go.microsoft.com/.../?LinkID=248256&clcid=0x40d

http://dw.cbsi.com/redir?ttag=visit_site_btn_click&lop=link&ptid=3000&pagetype=product_detail&astid=2&edid=3&siteid=4&destUrl=https://oneclient.sfx.ms/Win/Direct/17.3.5860.0512/.../online-storage-data-backup&topicbrcrm=&pid=14374817&mfgid=50119&merid=50119&ctype=dm&cval=NONE&ltype=dl_dlnow&spi=6add87bb4acebb64bca8792c55194ba4&devicetype=desktop&pguid=ae5a880efdf0317e3448a791&viewguid=hj3NhujkNkPSNjXYo0NHPUGuo-S3zu32V@jz

http://go.microsoft.com/.../?LinkID=248256&clcid=0x401

http://go.microsoft.com/.../?LinkID=248256&clcid=0xc07

http://go.microsoft.com/.../?LinkID=248256&clcid=0x340a

http://go.microsoft.com/.../?LinkID=248256&clcid=0x41f

http://go.microsoft.com/.../?LinkID=248256&clcid=0x412

http://go.microsoft.com/.../?LinkID=248256&clcid=0x418

http://filehippo.com/download/file/.../

https://onedrive.live.com/download.aspx?cid=3AF41A7EDD3850B4&resid=3AF41A7EDD3850B4!180&canary=wxbo2rXuylRcdbl274WRm0C3vB5A6EeI3s6HKA9TJL4=6&ithint=.exe

http://go.microsoft.com/.../?LinkID=248256&clcid=0x1809

http://dl.cdn.chip.de/downloads/.../OneDrive586Setup.exe

http://go.microsoft.com/.../?LinkID=248256&clcid=0xc09

http://go.microsoft.com/.../?LinkID=248256&clcid=0x2c0a

http://go.microsoft.com/.../?LinkID=248256&clcid=0x4409

http://go.microsoft.com/.../?LinkID=248256&clcid=0xc0c

http://filehippo.com/download/file/.../

http://go.microsoft.com/.../?LinkID=248256&clcid=0x41e

http://go.microsoft.com/.../?LinkID=248256&clcid=0xe40c

http://go.microsoft.com/.../?LinkID=248256&clcid=0x42a

http://go.microsoft.com/.../?LinkID=248256&clcid=0x80a

https://oneclient.sfx.ms/Win/Prod/.../OneDriveSetup.exe

https://oneclient.sfx.ms/mwg-internal/.../progress?id=HQzgSQelP7Qh8phZ1ojZOJCm1w4CHE_Q5SJ5CR4AFRQ,&dl

http://go.microsoft.com/.../?LinkID=248256&clcid=0x40e

http://go.microsoft.com/.../?LinkID=248256&clcid=0x404

http://go.microsoft.com/.../?LinkID=248256&clcid=0x40c

http://go.microsoft.com/.../?LinkID=248256&clcid=0x816

http://go.microsoft.com/.../?LinkID=248256&clcid=0x407

http://go.microsoft.com/.../?LinkID=248256&clcid=0x1c09

http://go.microsoft.com/.../?LinkID=248256&clcid=0x40b

Latest 30 of 49 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.