
Adware.MSIL.OpenSUpdater.RZ

By CagedTech in Adware

Analysis Report

General information

Family Name: Adware.MSIL.OpenSUpdater.RZ
Signature status: Self Signed

Known Samples

MD5: e782ec14d9869636d2e2620a630e8239
SHA1: 7b127b72a8382edcb793acb1befbb86c30874da0
File Size: 2.50 MB, 2502992 bytes
MD5: 86b4ad9d9ee77d9e95f500a6a26a370e
SHA1: d8b609e8bf8fe02b5984bfe3384fdef93d22296d
File Size: 2.50 MB, 2502992 bytes
MD5: 61efd134edc8f8dc7e27bf00d355100b
SHA1: c6e11a30fb9ac2c7d867957adc29658a5eca69a6
File Size: 2.50 MB, 2502992 bytes
MD5: 7f2db38522979466668484d30c2b906a
SHA1: 81ca50994ece19f15917ab72f2e974af2e1bc23c
File Size: 2.50 MB, 2502992 bytes
MD5: 6cf228561153fb5ae8e2c6324e6194b6
SHA1: 73de4edd7ed759f58875b1148d20385e6983bb07
SHA256: 68BBF56DF0B1A1D216366E6FD08807D9DF68BCB28FB9F812ADE55537358C26B9
File Size: 2.51 MB, 2507832 bytes
MD5: 3856c810d38b97767c39c678f3341e22
SHA1: 99d542bdb63f3273decd802379895989255efa2b
SHA256: 398BF44639BBD66E8D1A0513669CC6E8A4921B17D6F4A8BB12169DE2D8DA3CE8
File Size: 2.50 MB, 2502992 bytes
MD5: 981b61ed262d98673130239ce1f9cc2d
SHA1: b5b169b6a144f391d0e6ec6ffe37812679c3048a
SHA256: BFD5AEDEF452C42E08E06999398F63475CBB038A3F9DB6CF05A24D0D63D3C008
File Size: 2.51 MB, 2507832 bytes
MD5: 10b00a6309ff8875e4daa886c479786c
SHA1: bbdbff79752b45208f76ebffb2bceb175f6ea216
SHA256: 2AF74BB129B0C0BB90F94F49C1AED8D27FC34D657853BAA99AF07E2063094AA2
File Size: 2.51 MB, 2507832 bytes
MD5: 858b4aeab208d8a77d838093c5ad3a0f
SHA1: 9f85c37134e92448213136d647a88bc0e3187531
SHA256: 045325FD37E3D0BDF7C3A5370812EF4F6B8D16FAB16ABFA9548357C905B06F74
File Size: 2.51 MB, 2507832 bytes
MD5: c5253a6685313ffdccf47c7a054aab32
SHA1: 444fe88ac04dc98d86bca76ab7951edac161c2b9
SHA256: D5B8AC2534DE096368304043E9997C77F4249315F5EE486A2283723EE7134530
File Size: 2.50 MB, 2502992 bytes
MD5: 1f47627248ec35d18365bb93e36f3948
SHA1: b78057e23ea63737d395d8b2849d7e04481f1f93
SHA256: F8639657FAB8C25254DEA9A3CA7BC864D5B3CC6B0B562D025198E79397517E24
File Size: 2.50 MB, 2502992 bytes
MD5: abdad02bef194bc92bd0e3a6386ae30c
SHA1: 3af0599526b9c4ded564103528fa854c5a95d972
SHA256: 338961C8CDC668BA24D373A000CC2B3A552879C959B01F4B9D9FC36F5CD6FED5
File Size: 2.50 MB, 2502992 bytes
MD5: 1de4b0a834caa2ca6c07db3f47bfb718
SHA1: f2a5640c49397991ba3b115cfcb9cb780337ed48
SHA256: 7A8724209113A33A30A5CCE5D3EBC696AFF24A197AACB0D9BCAD44FDDD78C895
File Size: 2.50 MB, 2502992 bytes
MD5: 01c8b4f9993297029a53c0e0b31e8cdb
SHA1: 8b8288bfcec354833fd5aba2665f1cb15c86928a
SHA256: 54974EBD1624AEED92B1AABAEB9689F96B3DF8F369DB16C8EAE988036F6444F6
File Size: 2.51 MB, 2507832 bytes
MD5: 18d7b76b5cdee560053442e4eaa10ef4
SHA1: 4748740809128ec1fb61c38c6b639d2ca50bd496
SHA256: 6AC29E82E8576E29E9A79EDD21D8B47681DFCAD49148490FE0E00F9F4691F1D2
File Size: 2.50 MB, 2502992 bytes
MD5: 4885669af1f62f0a943e3b76de171133
SHA1: 121f2118f36e1d3faa931c03b367e5a3a77f5df9
SHA256: 9526B21501C4096F2123AA9997D19569079769E222695E4932FBECA40F662789
File Size: 2.51 MB, 2507832 bytes
MD5: 91cfc6a7663852db3975672c22ea51b0
SHA1: b755a798dba3065563156c7de5470d007f9f836c
SHA256: D473EEF4D97C59864B3EC63B7C198E80CDFFE50268E1085F219DEE2DDF71E86C
File Size: 2.51 MB, 2507320 bytes
MD5: 8385c471f92f4428fb98e599d82c2bcb
SHA1: 8997af465b8bc02054a516a12adbe4f867718932
SHA256: D229FF72FF05F74C03035886DAE02218F71682E01CD12DFF5DFB9696DAFD030C
File Size: 2.50 MB, 2502992 bytes
MD5: 45281ae4c818cfa629d66e78ebeaa1e6
SHA1: 5ae3bd6ed7cea2315bd1d59d5a5ed03a664d42ae
SHA256: 359FE9E7614C7715AF58B9ADA4B48D20E7C04A7FE5E5A34BE0684861059E4464
File Size: 2.50 MB, 2502992 bytes
MD5: f10aef648197f41807afde894d56debe
SHA1: fd10c8076932465e121358239f7117ef85f7af6d
SHA256: 389AF772F2F1293C223BE4FFC8E0A038E4DF90B28A8F1E05A0B540DE6622B742
File Size: 2.51 MB, 2507320 bytes
MD5: 81032f76a6e1ab9c8827983db292f747
SHA1: a4f07d5936525fdd022fb87e713474ff510ccfeb
SHA256: 9AC27BD8450BDA4DDA3B4AA6E9EE05F6C3B5C3650DB3E217CBB48EFD1F238242
File Size: 2.51 MB, 2507320 bytes
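The hash list above is the report's indicator set. As an added example (not part of the original report or of any vendor tool), the script below parses the report's own "MD5:/SHA1:/SHA256:/File Size:" line format into records and matches local files against it. Two points the list forces a responder to handle: the first five entries carry no SHA256, so matching falls back to SHA1 and then MD5, and every entry states an exact byte count, which serves as a cheap pre-filter so unrelated files are never read or hashed. The embedded fixture copies two entries from the report; the directory walk and the match order are assumptions about how the list would be used.

```python
"""Match local files against the Known Samples list above.

Added example, not part of the original report.  parse_samples() reads the
report's own "MD5:/SHA1:/SHA256:/File Size:" line format; scanning and match
order are assumptions about how a responder would use the list.
"""
import hashlib
import os
import re
from dataclasses import dataclass

# Constructed fixture: two entries copied from the report, one of them (like
# the first five on the page) without a SHA256 line.
KNOWN_SAMPLES_TEXT = """\
MD5: e782ec14d9869636d2e2620a630e8239
SHA1: 7b127b72a8382edcb793acb1befbb86c30874da0
File Size: 2.50 MB, 2502992 bytes
MD5: 6cf228561153fb5ae8e2c6324e6194b6
SHA1: 73de4edd7ed759f58875b1148d20385e6983bb07
SHA256: 68BBF56DF0B1A1D216366E6FD08807D9DF68BCB28FB9F812ADE55537358C26B9
File Size: 2.51 MB, 2507832 bytes
"""

LINE_RE = re.compile(r"^(MD5|SHA1|SHA256|File Size):\s*(.+?)\s*$")


@dataclass
class Sample:
    md5: str = ""
    sha1: str = ""
    sha256: str = ""   # empty when the report lists no SHA256 for the entry
    size: int = 0      # exact byte count; 0 when unknown


def parse_samples(text: str) -> list[Sample]:
    """Each record starts at an 'MD5:' line; following lines fill that record."""
    samples: list[Sample] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key, value = m.groups()
        if key == "MD5":
            samples.append(Sample(md5=value.lower()))
        elif not samples:
            continue                      # stray line before the first record
        elif key == "SHA1":
            samples[-1].sha1 = value.lower()
        elif key == "SHA256":
            samples[-1].sha256 = value.lower()
        else:                             # "File Size: 2.50 MB, 2502992 bytes"
            n = re.search(r"(\d+)\s*bytes", value)
            samples[-1].size = int(n.group(1)) if n else 0
    return samples


def sample_from_bytes(data: bytes) -> Sample:
    """Build a full record from a file you already hold (e.g. a seized copy)."""
    return Sample(hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest(),
                  hashlib.sha256(data).hexdigest(), len(data))


@dataclass
class Index:
    by_hash: dict        # lowercase hex digest -> Sample
    sizes: set           # byte sizes usable as a pre-filter
    size_filter: bool    # False if any record lacks a size (pre-filter unsafe)


def build_index(samples: list[Sample]) -> Index:
    by_hash = {}
    for s in samples:
        for h in (s.md5, s.sha1, s.sha256):
            if h:
                by_hash[h] = s
    return Index(by_hash, {s.size for s in samples if s.size},
                 all(s.size for s in samples))


def match_bytes(data: bytes, index: Index):
    """Return (Sample, algorithm) on a hit, or None. Strongest hash is tried first."""
    if index.size_filter and len(data) not in index.sizes:
        return None
    for algo in ("sha256", "sha1", "md5"):
        digest = hashlib.new(algo, data).hexdigest()
        if digest in index.by_hash:
            return index.by_hash[digest], algo
    return None


def scan_directory(root: str, index: Index) -> list[tuple[str, Sample, str]]:
    """Walk a tree; stat() first so only size-plausible files are read and hashed."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                if index.size_filter and os.stat(path).st_size not in index.sizes:
                    continue
                with open(path, "rb") as f:
                    data = f.read()
            except OSError:
                continue
            hit = match_bytes(data, index)
            if hit:
                hits.append((path, hit[0], hit[1]))
    return hits
```

Usage: `scan_directory(r"C:\Users", build_index(parse_samples(KNOWN_SAMPLES_TEXT)))` returns (path, record, algorithm) triples. Paste the full list from the report into `KNOWN_SAMPLES_TEXT` to use all entries; if you add a record of your own without a size, the pre-filter switches itself off rather than silently skipping files.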

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Digital Signatures

Signer                 Root                        Status
ConnectWise, LLC       DigiCert Trusted Root G4    Root Not Trusted
ScreenConnect Client   ScreenConnect Client        Self Signed
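The attribute list and the signature table above are both read straight out of the PE headers. As an added example (not part of the original report or of any vendor tool), the reader below derives the same attributes from the raw bytes with only the standard library: bitness from the optional-header magic, GUI/console from the Subsystem field, executable-vs-DLL from the COFF Characteristics, exports and Authenticode from data directories 0 and 4, and .NET from data directory 14 (the CLR runtime header), which is the field that decides whether "Native application (NOT .NET application)" is accurate for a sample whose family name says MSIL. Field offsets follow the PE/COFF specification; the Rich-header test is a marker scan of the DOS stub area, and `build_sample_pe32` is a constructed, header-only fixture, not one of the listed samples. The Authenticode check only reports whether a signature blob is attached: the table's "Root Not Trusted" and "Self Signed" verdicts are chain-trust results that this code does not reproduce, so verify the chain separately with a trust-aware tool such as `signtool verify` or `Get-AuthenticodeSignature`.

```python
"""Derive the report's PE attributes from the raw headers (standard library only).

Added example, not part of the original report or of any vendor tool.  Field
offsets follow the PE/COFF specification; the Rich-header test is a marker scan,
and has_authenticode_blob only says whether a signature is attached, not whether
its chain verifies.
"""
import struct

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
DIR_EXPORT, DIR_SECURITY, DIR_CLR = 0, 4, 14   # data directory indices


def pe_attributes(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _, _, _, _, _, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # same offset in PE32 and PE32+
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]

    def dir_size(i: int) -> int:
        if i >= ndirs:
            return 0
        return struct.unpack_from("<II", data, dirs_off + 8 * i)[1]   # (RVA, Size)

    return {
        "is_32bit": magic == PE32_MAGIC,
        "machine": machine,
        "is_executable_image": bool(characteristics & IMAGE_FILE_EXECUTABLE_IMAGE),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "is_gui": subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI,
        "is_console_or_gui": subsystem in (IMAGE_SUBSYSTEM_WINDOWS_GUI, IMAGE_SUBSYSTEM_WINDOWS_CUI),
        "has_exports": dir_size(DIR_EXPORT) != 0,
        "is_dotnet": dir_size(DIR_CLR) != 0,                 # CLR runtime header present
        "has_authenticode_blob": dir_size(DIR_SECURITY) != 0,
        "has_rich_header": b"Rich" in data[0x40:e_lfanew],    # marker scan between DOS header and PE header
    }


def report_lines(a: dict) -> list[str]:
    """Render the attributes in the report's own wording."""
    return [
        'File doesn\'t have "Rich" header' if not a["has_rich_header"] else 'File has "Rich" header',
        "File doesn't have exports table" if not a["has_exports"] else "File has exports table",
        "File is 32-bit executable" if a["is_32bit"] else "File is 64-bit executable",
        "File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)" if a["is_gui"] else "File is not a GUI application",
        "File is Native application (NOT .NET application)" if not a["is_dotnet"] else "File is .NET application",
        "IMAGE_FILE_DLL is not set inside PE header (Executable)" if not a["is_dll"] else "IMAGE_FILE_DLL is set (DLL)",
        "Authenticode signature attached (verify the chain separately)" if a["has_authenticode_blob"]
        else "No Authenticode signature attached",
    ]


def build_sample_pe32(*, gui=True, dll=False, dotnet=False, exports=False, signed=False, rich=False) -> bytes:
    """Constructed test input: a header-only PE32 image (no sections, not loadable)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    if rich:
        dos[0x60:0x64] = b"Rich"
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | (IMAGE_FILE_DLL if dll else 0)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, chars)   # 0x14C = IMAGE_FILE_MACHINE_I386
    opt = bytearray(224)                                              # PE32 optional header with 16 directories
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI if gui else IMAGE_SUBSYSTEM_WINDOWS_CUI)
    struct.pack_into("<I", opt, 92, 16)
    for idx, present in ((DIR_EXPORT, exports), (DIR_SECURITY, signed), (DIR_CLR, dotnet)):
        if present:
            struct.pack_into("<II", opt, 96 + 8 * idx, 0x1000, 0x40)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)
```

Usage on a real file: `report_lines(pe_attributes(open(path, "rb").read()))`. The fixture with default arguments reproduces the report's attribute list line for line; flipping `dotnet=True` shows what the CLR directory check would have said for a genuine .NET assembly.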

File Traits

  • No Version Info
  • x86

Block Information

Total Blocks: 1,606
Potentially Malicious Blocks: 29
Whitelisted Blocks: 1,577
Unknown Blocks: 0

Visual Map

[Visual map: the per-block grid is not reproduced here. The rendered grid marks each of the 1,606 blocks with one symbol; the legend below defines 0, ? and x, while the grid as extracted also uses the digits 1, 2 and 3, which the page does not define.]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.OpenSUpdater.RZ

Registry Modifications

Key::Value   HKLM\system\controlset001\services\eventlog\application\screenconnect::eventmessagefile
Data         C:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll
API Name     RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • NtQuerySystemInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Other Suspicious
  • AdjustTokenPrivileges
