th13e_patch_1.0.exe

The executable th13e_patch_1.0.exe has been detected as malware by 4 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from old.4otaku.org and multiple other hosts.

MD5:
416883eacf9aafb2fe67a79b3e7e9056

SHA-1:
a0fe41f284939e06636b8950a066b61ba667a54f

SHA-256:
9bb666832294ec72d429c3f41712ecf8a0d9469ed9315f1fa774b44ed135bf23

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
5/17/2026 11:09:13 PM UTC

Scan engine   Detection                 Engine version
avast!        Win32:Dropper-gen [Drp]   2014.9-140713
Bkav FE       HW32.CDB                  1.3.0.4959
F-Prot        W32/FakeAlert.5           v6.4.7.1.166
Norman        Small.YN                  11.20140713

File size:
1.3 MB (1,385,984 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
10/24/2011 7:27:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.21

CTPH (ssdeep):
24576:NzUaVzRlqUryoVg0A2zlLmavXNxnRRlTUFFAjSZc4C6FCRR0KjN0BKou5+:NzUaVzRlq9oVg0o2nRRxq+jx6FOGKR0B

Entry address:
0x12B0

Entry point:
55, 89, E5, 83, EC, 18, C7, 04, 24, 02, 00, 00, 00, FF, 15, B0, 32, 55, 00, E8, 38, FD, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 89, E5, 83, EC, 08, A1, D0, 32, 55, 00, C9, FF, E0, 66, 90, 55, 89, E5, 83, EC, 08, A1, C0, 32, 55, 00, C9, FF, E0, 90, 90, 55, 89, E5, 83, EC, 18, 8B, 0D, 24, B0, 40, 00, 85, C9, 74, 31, C7, 04, 24, 00, C0, 40, 00, E8, 20, 97, 00, 00, 52, 85, C0, 74, 23, C7, 44, 24, 04, 0E, C0, 40, 00, 89, 04, 24, E8, 13, 97, 00, 00, 83, EC, 08, 85, C0, 74, 09, C7, 04, 24, 24, B0, 40, 00, FF...
 

Entropy:
7.9147  (probably packed)

Code size:
39.5 KB (40,448 bytes)

The file th13e_patch_1.0.exe has been seen being distributed by the following 2 URLs.
