Adware.MSIL.OpenSUpdater.LG

By CagedTech in Adware

Table of Contents

Analysis Report

General information

Family Name:	Adware.MSIL.OpenSUpdater.LG
Signature status:	Self Signed

Known Samples

MD5: 0a6d449f63694e64dda76308d1ef71be

SHA1: 764e6df426b31f9952137b44e8810d0d0c259adc

SHA256: 54608BA9DBA599A202DC73602B3760FEB8AB1236ADA4B977FC02D0AC6458DE1D

File Size: 3.54 MB, 3544746 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File is .NET application
File is 64-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	1.7.7.1
Comments	Alcrisit Uninstaller
File Description	Alcrisit Uninstaller
File Version	1.7.7.1
Internal Name	AlrisitUns.exe
Original Filename	AlrisitUns.exe
Product Name	Alcrisit
Product Version	1.7.7.1

Digital Signatures

Signer	Root	Status
AlrisitDevFa Group Fa	AlrisitDevFa Group Fa	Self Signed

File Traits

.NET
big overlay
HighEntropy
Installer Manifest
Installer Version
x64

Block Information

Total Blocks:	267
Potentially Malicious Blocks:	87
Whitelisted Blocks:	83
Unknown Blocks:	97

Visual Map

0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 ? ? ? ? 0 ? ? 0 0 0 ? ? 0 0 x ? ? 0 ? 0 0 0 0 0 0 0 ? 0 0 0 x ? 0 0 x 0 0 0 0 0 0 0 x 0 ? ? ? x ? 0 ? ? ? 0 0 x x x x 0 x 0 x 0 0 x x ? 0 x ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 x 0 0 0 0 0 0 x x x 0 0 x x x ? ? 0 0 ? 0 x x ? x x ? x x ? 0 x x x ? 0 ? ? x ? x ? ? ? x x x x x ? x ? ? ? ? ? 0 x ? x x ? 0 x x x x x x x x x x x x x x x x x x x x x x x x x 0 0 x 0 0 x x x x 0 x 0 0 0 x x 0 x x x x ? x ? ? ? ? ? 0 ? ? ? x ? ? ? ? ? ? ? ? 0 x ? ? x ? x ? ? 0 ? ? ? ? ? ? ? ? x ? x x ? x 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels Show More ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetContextThread ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenSection ntdll.dll!NtOpenThreadToken ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtSuspendThread ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtUnsubscribeWnfStateChange ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtYieldExecution UNKNOWN
User Data Access	GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserObjectInformation
Encryption Used	BCryptOpenAlgorithmProvider
Anti Debug	IsDebuggerPresent

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Adware.MSIL.OpenSUpdater.LG

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Windows API Usage

Windows API Usage

Submit Comment

Trending

Astaroth Banking Trojan

Unhindering.app

WARNING: SYSTEM RESOURCE LEAK Scam

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen