PUP.OpenInstall.A
Analysis Report
General information
| Family Name: | PUP.OpenInstall.A |
|---|---|
| Signature status: | Modified signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Company Name | |
| File Description | |
| File Version | |
| Legal Copyright | |
| Legal Trademarks | TuneUp Utilities(tm) |
| Product Name | |
| Product Version | |
File Traits
- HighEntropy
- Installer Manifest
- Installer Version
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 19 |
|---|---|
| Potentially Malicious Blocks: | 9 |
| Whitelisted Blocks: | 10 |
| Unknown Blocks: | 0 |
Visual Map
x x 0 0 x x x x 0 0 0 0 0 x 0 0 x 0 x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- OpenInstall.A
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\oic11e9.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\oic16e0.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\oic30f5.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\oic311a.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\oic44b5.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\oic487e.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\oic559e.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\oica2a3.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\oica7c4.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\oica7d3.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\oicaa0a.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\oicbaaa.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\oicbaba.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\oicbb94.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\oice7d8.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\oicf087.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\oicf600.tmp | Generic Write,Read Attributes |