Adware.OpenSUpdater.PBA

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 27,579
Threat Level: 20 % (Normal)
Infected Computers: 10
First Seen: July 29, 2023
Last Seen: January 15, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Adware.OpenSUpdater.PBA
Signature status: Root Not Trusted

Known Samples

MD5: 7de69f7333da9bd45214bb5df11191e4
SHA1: 883e59117eb007e168b01e57f79e5e403956a296
SHA256: 7BDC3DC0C9111EF6EBC796CFD5B670B9EBFF6D59074AB36CC140B77320231D99
File Size: 937.47 KB, 937472 bytes

MD5: 710d605ca0e0b12d656ab2d7d7daa8c2
SHA1: 45f160d10427fb36578af2f8a038a628ff0b08aa
SHA256: 8E779948803E7AA270089718F7DF55B21786EF0A682C71B2D04BC759993FACA3
File Size: 7.80 MB, 7796864 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name
  • Hexagon Corporation
  • SwampFear Corp
File Description
  • Hexagon
  • SwampFear
File Version
  • 2.0.7.6
  • 1, 6, 3, 182
Internal Name
  • swampfear
Legal Copyright
  • (C) 2012 Hexagon Corporation. All rights reserved.
  • SwampFear Corp 2022
Original Filename
  • Hexagon.exe
Product Name
  • Hexagon Bootstrapper
  • SwampFear
Product Version
  • 2.0.7.6
  • 1, 6, 0, 0

Digital Signatures

Signer: CherryYear
Root: CherryYear
Status: Root Not Trusted

File Traits

  • HighEntropy
  • x86

Block Information

Total Blocks: 11,247
Potentially Malicious Blocks: 1,700
Whitelisted Blocks: 9,281
Unknown Blocks: 266

Similar Families

  • Agent.WO
  • OpenSUpdater.PBA
  • PC Accelerator.H

Files Modified

File: c:\users\user\appdata\local\temp\rbx-e32d5c9f.log
Attributes: Generic Write,Read Attributes

File: c:\windows\45f160d10427fb36578af2f8a038a628ff0b08aa_0007796864.ini
Attributes: Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value: HKCU\software\roblox corporation\hexagon::cpath
Data: C:\Users\user\AppData\LocalLow\rbxcsettings.rbx
API Name: RegNtPreCreateKey

Key::Value: HKLM\software\wow6432node\ita::rst
Data: (empty)
API Name: RegNtPreCreateKey

Windows API Usage

Category API
Network Winsock2
  • WSAStartup
Network Info Queried
  • GetAdaptersInfo
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Other Suspicious
  • SetWindowsHookEx
