home

OneDriveSetup.exe

Windows Live

Microsoft Corporation

This is installed with Microsoft OneDrive. The file has been seen being downloaded from oneclient.sfx.ms.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Windows Live

Description:
Microsoft OneDrive Setup

Version:
17.3.4724.0224

MD5:
53b50539a84f009dd70acb4274a172d8

SHA-1:
f545566c7a7fb29f71b13d020de5f888a4ca566e

SHA-256:
819d9e878cb239b49bf49614bc2e822d254af408db0189faaecfcf82e57b4812

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/4/2024 5:02:23 PM UTC  (today)

File size:
6.9 MB (7,212,712 bytes)

Product version:
17.3.4724.0224

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
OneDriveSetup.exe

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\wct6852.tmp

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
4/22/2014 6:39:00 PM

Valid to:
7/22/2015 6:39:00 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000CA6CD5321235C4E1550001000000CA

File PE Metadata
Compilation timestamp:
2/24/2015 9:26:06 AM

OS version:
6.2

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
196608:wVzmTBwh4Xzh6JdwILZgF+wI4uR168JSKUH:N9wCd4NFgF+t4F8JgH

Entry address:
0x1ED1C

Entry point:
E8, 56, 35, 00, 00, E9, 81, FE, FF, FF, CC, CC, CC, CC, CC, E9, EA, 39, 00, 00, CC, CC, CC, CC, CC, FF, 35, F0, 1C, 4A, 00, FF, 15, F0, 82, 4A, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, B7, 2C, 00, 00, 6A, 01, 6A, 00, E8, 00, 3A, 00, 00, 83, C4, 0C, E9, 1C, 3A, 00, 00, CC, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, D4, 3C, 00, 00, 59, 85, C0, 74, 0F, FF, 75, 08, E8, 30, 3C, 00, 00, 59, 85, C0, 74, E6, C9, C3, 6A, 01, 8D, 45, FC, 50, 8D, 4D, F0, C7, 45, FC, 50, 14, 40, 00, E8, BE, 22, 00...
 
[+]

Entropy:
7.8660  (probably packed)

Code size:
623.5 KB (638,464 bytes)

The file OneDriveSetup.exe has been discovered within the following program.

Microsoft OneDrive  by Microsoft Corporation
OneDrive is a file hosting service that allows users to upload and sync files to a cloud storage and then access them from a Web browser or their local device.
onedrive.live.com/about/en-us
6% remove it
 
Powered by Should I Remove It?

The file OneDriveSetup.exe has been seen being distributed by the following URL.

https://oneclient.sfx.ms/Win/Prod/.../OneDriveSetup.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.