Adware.OpenSUpdater.RA
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
| Popularity Rank: | 9,837 |
|---|---|
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 545 |
| First Seen: | September 22, 2023 |
| Last Seen: | April 16, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Adware.OpenSUpdater.RA |
|---|---|
| Signature status: | Self Signed |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Company Name | NirSoft |
| File Description | |
| File Version | 1.51 |
| Internal Name | |
| Legal Copyright | Copyright © 2017 - 2024 Nir Sofer |
| Original Filename | |
| Product Name | |
| Product Version | 1.51 |
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.

| Signer | Root | Status |
|---|---|---|
| Ask Tent | (downward) Against | Self Signed |
| Get Hook | Carpet Nasty | Self Signed |
| Appal Stocking | Check Judicial | Self Signed |
| Flaw Try | Count Ambulance | Self Signed |
| Front Adorn | Cucumber Shake | Self Signed |
| Sow Cucumber | Discuss Waste | Self Signed |
| Shift Off | Disorder Mark | Self Signed |
| Turn Experience | Expenditure Liaison | Self Signed |
| Prompt Haste | Factory Supply | Self Signed |
| Summon Tear | Feasible Listen | Self Signed |
| Massacre Syringe | Incur Commitment | Self Signed |
| Wretched Shave | Instance Superior | Self Signed |
| Poor Turn | Mental Cotton | Self Signed |
| Savage Pivot | Opaque State | Self Signed |
| Appreciate Quarter | Option Replicate | Self Signed |
| Pull Layout | Pedestrian Will | Self Signed |
| Assign Bachelor | Pound Wrestle | Self Signed |
| Pass Temple | Rely Absorb | Self Signed |
| Grope Nurture | Review Mainland | Self Signed |
| Roll Put | Sheet Thaw | Self Signed |
File Traits
- big overlay
- Installer Version
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 2,384 |
|---|---|
| Potentially Malicious Blocks: | 1,206 |
| Whitelisted Blocks: | 1,178 |
| Unknown Blocks: | 0 |
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- OpenSUpdater.RA
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.

| File | Attributes |
|---|---|
| \device\namedpipe\gmdasllogger | Generic Write,Read Attributes |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Anti Debug | |
| User Data Access | |