A-Ptch.exe

Advance Ptch

HackMew Productions

The executable A-Ptch.exe has been detected as malware by 17 anti-virus scanners. This file is typically installed with the program Pokemon Game Editor by 0xRH. While running, it connects to the Internet address no.rdns.ukservers.com on port 80 using the HTTP protocol.
Publisher:
HackMew Productions

Product:
Advance Ptch

Version:
1.00

MD5:
3e515189540cc174e0b64e55067ee526

SHA-1:
c407409ade961d67f931370ca68513a8f78df3ec

SHA-256:
c5e477dd37130eb5daaabf0d98dc9562b505869c338bab04d992280847ed01ac

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
4/19/2024 3:14:50 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.10483043 | 977
Bitdefender | Trojan.Generic.10483043 | 1.0.20.765
Emsisoft Anti-Malware | Trojan.Generic.10483043 | 8.14.06.02.09
F-Secure | Trojan.Generic.10483043 | 11.2014-02-06_2
G Data | Trojan.Generic.10483043 | 14.6.24
IKARUS anti.virus | Trojan.SuspectCRC | t3scan.2.2.29
K7 AntiVirus | Riskware | 13.176.11302
McAfee | Artemis!3E515189540C | 5600.7111
MicroWorld eScan | Trojan.Generic.10483043 | 15.0.0.459
Norman | Suspicious_Gen4.ESRBT | 11.20140602
nProtect | Trojan.Generic.10483043 | 14.02.28.01
Qihoo 360 Security | HEUR/Malware.QVM18.Gen | 1.0.0.1015
Rising Antivirus | PE:Trojan.VBInject!1.6546 | 23.00.65.14531
Sophos | Mal/VB-BL | 4.98
Trend Micro House Call | TROJ_SPNR.29A013 | 7.2.153
Trend Micro | TROJ_SPNR.29A013 | 10.465.02
VIPRE Antivirus | Trojan.Win32.Generic | 26960

File size:
67 KB (68,608 bytes)

Product version:
1.00

Copyright:
Copyright © 2010 HackMew

Original file name:
A-Ptch.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
1/21/2010 10:46:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:tFQGLPB2Wk4jwTrTGv9aUUNXa7pyAfqJGBoFnouy8HDrDMPvt9Vd:tFt92sj6G9avMLYG+doutHDrDavt9Vd

Entry address:
0x2D430

Entry point:
60, BE, 00, 20, 42, 00, 8D, BE, 00, F0, FD, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 47, B8, 02, 00, 57, 83, C3, 04, 53, 68, 1F, B4, 00, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 

Entropy:
7.5120

Code size:
48 KB (49,152 bytes)

The file A-Ptch.exe has been discovered within the following program.

A ROM hacker for the Pokemon video game.
www.0xRH.com
About 5% of users remove it
 

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to no.rdns.ukservers.com  (94.229.72.115:80)
