This repo contains source code for DLL sideloading the version.dll for OneDriveUpdater.exe/OneDriveStandaloneUpdater.exe.
The payload is based on the subroutines outlined in the PaloAltoNetworks Unit42's blog post.
My blog post regarding this payload: https://blog.sunggwanchoi.com/recreating-an-iso-payload-for-fun-and-no-profit/
Modified source code from the proxy DLL created by SharpDLLProxy from Flangvik.
A console version of the above used for debugging purposes. Already contains a messagebox shellcode.