SkyDrive.exe
Microsoft SkyDrive by Microsoft Corporation (Signed)
Warning 4 antivirus scanners has detected malware in various versions of SkyDrive.exe.
Overview
There are 8 versions of skydrive.exe in the wild, the latest version being 6.3.9431.0 (winmain_bluemp.130615-1214). skydrive.exe is run as a standard windows process with the logged in user's account privileges. By adding a startup entry to the run registry key, the file will be executed when the user logs into Windows. The average file size is about 326.67 KB. The file is a digitally signed and issued to Microsoft Corporation by Microsoft Corporation. During the process's lifecycle, the typical CPU resource utilization is about 0.0019% including both foreground and background operations, the average private memory consumption is about 13.14 MB with the maximum memory reaching around 24.99 MB. Addionally, typically read and write I/O disk operations is about 54 KB per minute for reads and 3.57 KB per minute for writes.
What is skydrive.exe?
SkyDrive is a file hosting service that allows users to upload and sync files to a cloud storage and then access them from a Web browser or their local device. It is part of the Windows Live range of online services and allows users to keep the files private, share them with contacts, or make the files public. Publicly shared files do not require a Microsoft account to access.
 Details
|
| File name: | skydrive.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Microsoft SkyDrive |
| Typical file path: | C:\users\user\appdata\local\microsoft\skydrive\skydrive.exe |
| Certificate |
| Issued to: | Microsoft Corporation |
| Authority (CA): | Microsoft Corporation |
| Effective date: | Thursday, July 26, 2012 |
| Expiration date: | Saturday, October 26, 2013 |
Behaviors
(Note, the behaviors below are for all versions of skydrive.exe, select a unique version for details.)
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'SkyDrive' → "C:\users\user\appdata\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
Scheduled tasks
- The task 'Microsoft SkyDrive Auto Update Task-S-1-5-21-1318870350-1538431248-2977772109-1001' in the path '\Microsoft SkyDrive Auto Update Task-S-1-5-21-1318870350-1538431248-2977772109-1001'
- The job 'Microsoft SkyDrive Auto Update Task-S-1-5-21-3203543148-2324073305-2790340789-1001' in the path '\Microsoft SkyDrive Auto Update Task-S-1-5-21-3203543148-2324073305-2790340789-1001'
Malware detections
Based on 40+ industry antivirus scanners, 4 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| Antiy Labs AVL |
2.0.3.7 |
Trojan/Win32.Agent2 |
17.0.2006.0314 |
| Antiy Labs AVL |
2.0.3.7 |
Trojan/Win32.Agent2 |
17.0.2010.0530 |
| Antiy Labs AVL |
2.0.3.7 |
Trojan/Win32.Agent2 |
17.0.2011.0627 |
| Antiy Labs AVL |
2.0.3.7 |
Trojan/Win32.Agent2 |
17.0.2015.0811 |
All file variations of skydrive.exe
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
28.66% |
|
| Windows 8 Pro |
15.92% |
|
| Windows 8 |
14.65% |
|
| Windows 8 Pro with Media Center |
12.10% |
|
| Windows 7 Ultimate |
10.83% |
|
| Windows 8.1 |
3.18% |
|
| Windows Vista Home Premium |
3.18% |
|
| Windows 8 Enterprise |
3.18% |
|
| Windows 7 Professional |
2.55% |
|
| Windows 8.1 Pro Preview |
1.27% |
|
| Windows 7 Home Premium N |
1.27% |
|
| Windows 8 Pro N |
1.27% |
|
| Windows Server 2012 Standard Evaluation |
1.27% |
|
| Windows 8.1 Pro Preview with Media Center |
0.64% |
|
Distribution by country
United States installs about 57.96% of Microsoft SkyDrive.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Hewlett-Packard |
25.81% |
|
| ASUS |
20.65% |
|
| Dell |
15.48% |
|
| Toshiba |
14.19% |
|
| Sony |
9.03% |
|
| Acer |
3.87% |
|
| Lenovo |
3.87% |
|
| Intel |
2.58% |
|
| Samsung |
1.94% |
|
| GIGABYTE |
1.29% |
|
| Alienware |
1.29% |
|
