ageofmetin2.exe

Darikon Patcher

The executable ageofmetin2.exe has been detected as malware by 8 anti-virus scanners. While running, it connects to the Internet address ns332360.ip-37-187-123.eu on port 80 using the HTTP protocol.
Product:
Darikon Patcher

Description:
Darikon Patcher

Version:
1.1.5.0

MD5:
3a5f11ecac6915d94b36b0301defd235

SHA-1:
12aae3db8bce7e10d96e3782432632c7416926f6

SHA-256:
7c99263ea0afaa14389264a20f2db93a34dd1b871ba2609c385860c9ce621c54

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
1/8/2025 2:23:58 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.12153988 | 684 |
| Bitdefender | Trojan.Generic.12153988 | 1.0.20.405 |
| Emsisoft Anti-Malware | Trojan.Generic.12153988 | 8.15.03.22.05 |
| F-Secure | Trojan.Generic.12153988 | 11.2015-22-03_1 |
| G Data | Trojan.Generic.12153988 | 15.3.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.8.5.0 |
| MicroWorld eScan | Trojan.Generic.12153988 | 16.0.0.243 |
| nProtect | Trojan.Generic.12153988 | 14.12.30.01 |

File size:
289 KB (295,936 bytes)

Product version:
1.1.5.0

Copyright:
Helgo1506

Original file name:
DarikonPatcher.exe

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

File PE Metadata
Compilation timestamp:
4/12/2014 7:58:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:KtyE3uopjG3BcpjJMRNqJlq9Rq5H6AhSiExRpIJwTBnW888888888888W888888M:KtCqjG27Mpjq5H6ywTU888888888888B

Entry address:
0x33414

Entry point:
55, 8B, EC, B9, 06, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, B8, 8C, 23, 43, 00, E8, 99, 44, FD, FF, 33, C0, 55, 68, 30, 38, 43, 00, 64, FF, 30, 64, 89, 20, 8D, 55, E8, 33, C0, E8, F5, FE, FC, FF, 8B, 45, E8, 8D, 55, EC, E8, F6, 72, FD, FF, 8B, 55, EC, B8, AC, CF, 43, 00, E8, 0D, 23, FD, FF, B8, 4C, 38, 43, 00, E8, 8F, 98, FF, FF, C6, 05, CC, CF, 43, 00, 00, 8D, 45, E4, B9, 98, 38, 43, 00, 8B, 15, AC, CF, 43, 00, E8, E5, 26, FD, FF, 8B, 45, E4, E8, C5, 6F, FD, FF, 84, C0, 0F, 84, BE, 00, 00, 00, B2...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
200.5 KB (205,312 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s1-46.gazduirejocuri.ro  (188.212.101.46:80)

TCP (HTTP):
Connects to ns332360.ip-37-187-123.eu  (37.187.123.161:80)

TCP (HTTP):
Connects to s1-45.gazduirejocuri.ro  (188.212.101.45:80)

TCP (HTTP):
Connects to s1-43.gazduirejocuri.ro  (188.212.101.43:80)

TCP (HTTP):
Connects to patch03.metin2.gfsrv.net  (79.110.80.238:80)

TCP (HTTP):
Connects to patch01.metin2.gfsrv.net  (79.110.80.236:80)
