googledrivesync.exe

  • File Path: C:\Program Files\Google\Drive\googledrivesync.exe


Runtime Data

Child Processes:

googledrivesync.exe

Open Handles:

Path Type
(RW-) C:\xCyclopedia File
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section

Loaded Modules:

Path
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\System32\win32u.dll
C:\Windows\System32\WS2_32.dll

Signature

  • Status: Signature verified.
  • Serial: 0C15BE4A15BB0903C901B1D6C265302F
  • Thumbprint: CB7E84887F3C6015FE7EDFB4F8F36DF7DC10590E
  • Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  • Subject: CN=Google LLC, O=Google LLC, L=Mountain View, S=ca, C=US

File Metadata

  • Original Filename:
  • Product Name:
  • Company Name:
  • File Version:
  • Product Version:
  • Language: English (United States)
  • Legal Copyright:
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/72
  • VirusTotal Link: https://www.virustotal.com/gui/file/75aa11154b45c24532a9ce7da9fc4575f9c5f6cc913b31791b2a75aa5b6065c1/detection/

File Similarity (ssdeep match)

File Score
C:\Program Files\Google\Drive\googledrivesync.exe 68

Possible Misuse

The following table contains possible examples of googledrivesync.exe being misused. While googledrivesync.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_commandline_path_traversal_evasion.yml CommandLine|contains: '\Google\Drive\googledrivesync.exe\..\' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.