» patch.exe
Overview
Analysis
File Details

patch.exe

The application patch.exe has been detected as a potentially unwanted program by 30 anti-malware scanners.

File name:

patch.exe

MD5:

a285a6dd9533fa18ace916b6b412e289

SHA-1:

a00d5d62a1306bd6fb9aaf748bbd42a408113ea8

SHA-256:

ac36eb46c536d674a38c5a44365cb2ee2e67f5a07b645ada26ccb2695ac6ec16

Scanner detections:

30 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 2:48:08 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.6040687

354

Agnitum Outpost

Trojan.PWS.LdPinch

7.1.1

AhnLab V3 Security

Trojan/Win32.LdPinch

2014.12.13

Avira AntiVirus

TR/Rogue.66028

7.11.195.24

AVG

PSW.Ldpinch

2017.0.2832

Baidu Antivirus

Hacktool.Win32.Patcher

4.0.3.16215

Bitdefender

Trojan.Generic.6040687

1.0.20.230

Dr.Web

Tool.Patcher.110

9.0.1.046

Emsisoft Anti-Malware

Trojan.Generic.6040687

8.16.02.15.07

ESET NOD32

Win32/HackTool.Patcher.AA (variant)

10.10869

Fortinet FortiGate

W32/Patcher.AA!tr

2/15/2016

F-Secure

Trojan.Generic.6040687

11.2016-15-02_2

G Data

Trojan.Generic.6040687

16.2.24

IKARUS anti.virus

Trojan-PSW.Ldpinch

t3scan.1.8.5.0

K7 AntiVirus

Hacktool

13.187.14319

Kaspersky

UDS:DangerousObject.Multi.Generic

14.0.0.656

McAfee

RDN/PWS-LDPinch!p

5600.6488

MicroWorld eScan

Trojan.Generic.6040687

17.0.0.138

NANO AntiVirus

Riskware.Win32.Patcher.ctlndb

0.28.6.63850

Norman

Troj_Generic.WFAHL

11.20160215

nProtect

Trojan.Generic.6040687

14.12.12.01

Panda Antivirus

Trj/CI.A

16.02.15.07

Qihoo 360 Security

HEUR/QVM11.1.Malware.Gen

1.0.0.1015

Quick Heal

(Suspicious) - DNAScan

2.16.14.00

Sophos

Generic Patcher

4.98

Trend Micro House Call

TROJ_SPNR.35FE13

7.2.46

Trend Micro

TROJ_SPNR.35FE13

10.465.15

Vba32 AntiVirus

TrojanPSW.Pinch

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

35664

Zillya! Antivirus

Trojan.LdPinch.Win32.16080

2.0.0.2005

File size:

64.5 KB (66,028 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\patch.exe

File PE Metadata

Compilation timestamp:

12/15/2010 8:22:54 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

1536:BOG7+S9RnRboxOG7+S9RnRboxOG7+S9RnRboxOG7+S9RnRbo3:BPfMPfMPfMPfq

Entry address:

0xC850

Entry point:

60, BE, 00, B0, 40, 00, 8D, BE, 00, 60, FF, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB... 
[+]

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:

8 KB (8,192 bytes)

Remove patch.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.