PUP.OpenBullet
Analysis Report
General information
| Family Name: | PUP.OpenBullet |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File has exports table
- File has TLS information
- File is .NET application
- File is 32-bit executable
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Assembly Version | |
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Legal Trademarks | INTELBRAS |
| Original Filename | |
| Product Name | |
| Product Version | |
File Traits
- .NET
- 2+ executable sections
- dll
- HighEntropy
- x64
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 452 |
|---|---|
| Potentially Malicious Blocks: | 0 |
| Whitelisted Blocks: | 452 |
| Unknown Blocks: | 0 |
Visual Map
Legend: 0 - Probable Safe Block; ? - Unknown Block; x - Potentially Malicious Block
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| User Data Access | |
| Encryption Used | |
| Anti Debug | |
| Syscall Use | |

16 additional items are not displayed above.