parche_gunbound.exe

Double Prize Patch

The executable parche_gunbound.exe has been detected as malware by 18 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download.securedownload.ninja.
Product:
Double Prize Patch

Version:
1.00

MD5:
bea81044e06aa2a773be6238a93a1792

SHA-1:
02dc0f841d76732897abc098137bf630155a57b4

SHA-256:
456b0bcb0a0e3ffa6eab4da32f758ca793e111ef56194f22c6cade96e3a95f4f

Scanner detections:
18 / 68

Status:
Malware

Analysis date:
11/17/2024 4:44:35 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/VB.DGG | 8.3.2.4 |
| avast! | Win32:VB-DGG [Wrm] | 2014.9-160125 |
| Bitdefender | Gen:Variant.Kazy.113837 | 1.0.20.125 |
| Bkav FE | W32.HfsOval | 1.3.0.7400 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.113837 | 8.16.01.25.01 |
| F-Prot | W32/VBTrojan.Dropper.5 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Kazy.113837 | 11.2016-25-01_2 |
| G Data | Gen:Variant.Kazy.113837 | 16.1.25 |
| IKARUS anti.virus | Trojan.Win32.VB | t3scan.1.9.5.0 |
| McAfee | RDN/Generic.grp | 5600.6509 |
| MicroWorld eScan | Gen:Variant.Kazy.113837 | 17.0.0.75 |
| Qihoo 360 Security | Win32/Trojan.77f | 1.0.0.1077 |
| Quick Heal | (Suspicious) - DNAScan | 1.16.14.00 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16123 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R092C0PL915 | 10.465.25 |
| VIPRE Antivirus | Trojan.Win32.Generic | 46614 |
| ViRobot | Trojan.Win32.Z.Kazy.884766[h] | 2014.3.20.0 |

File size:
864 KB (884,766 bytes)

Product version:
1.00

Copyright:
_BuTcHeR_

Original file name:
gbpatch.exe

File type:
Executable application (Win32 EXE)

Language:
Spanish

Common path:
C:\users\{user}\downloads\parche_gunbound.exe

File PE Metadata
Compilation timestamp:
12/21/2004 1:12:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:qVR9fvG2mjm5cITIIYh8tsIIHR4TxH0M7gl:qZPMSTIIY2tsIIx4TxHel

Entry address:
0x13E0

Entry point:
68, 58, 33, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, D0, 66, 92, F7, AD, 90, 5A, 4B, 90, D9, 03, 26, 8E, 1B, 18, A3, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 47, 42, 6F, 75, 6E, 64, 50, 61, 74, 63, 68, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 06, 86, F2, 1C, 4F, 33, E0, FC, 4D, 8E, D6, 10, 2F, 18, F4, 41, 31, BA, 5B, D6, 6E, 3B, 36, FD, 42, 88, 67, 01, E3, F3, B2, 6C, D9, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
24 KB (24,576 bytes)

The file parche_gunbound.exe has been seen being distributed by the following URL.
