Adware.OpenSUpdater.AC

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 11,210
Threat Level: 20 % (Normal)
Infected Computers: 5,969
First Seen: January 24, 2013
Last Seen: October 24, 2025
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Adware.OpenSUpdater.AC
Signature status: Format Error

Known Samples

MD5: 31db26bd1a44ca8ade046fdf3a10340a
SHA1: 19264274b1b741d26a9ba50b2422b320fbdbaa40
SHA256: A443D75A9F373C928EBA6772BC8363B31C83CB4FB3C568E68B70598DEF03C46F
File Size: 8.45 MB, 8452072 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have relocations information
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: IdleTime Software
File Description: IBuddyService
File Version: 2.1.0.3
Internal Name: IBuddyService
Legal Copyright: IdleTime Software 2021
Original Filename: ibuddyservice.exe
Product Name: IBuddy
Product Version: 2.1.0.3

File Traits

  • 2+ executable sections
  • HighEntropy
  • x64

Block Information

Total Blocks: 6,342
Potentially Malicious Blocks: 804
Whitelisted Blocks: 5,434
Unknown Blocks: 104

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • OpenSUpdater.AC

Windows API Usage

Category: Syscall Use
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
