home

patch.dll

The library patch.dll has been detected as malware by 10 anti-virus scanners. The file has been seen being downloaded from dc672.4shared.com.
MD5:
e81b42b256b9d48ae1c015fc1798828e

SHA-1:
287f315509b8fe1b3bab09853392bde2c7b13ad0

SHA-256:
d23d4d3272f07898486161be2cb103cc1d65a1f9fd76e99626c885f63c752718

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/15/2024 8:46:38 PM UTC  (today)

Scan engine
Detection
Engine version

Bitdefender
Trojan.Generic.7307484
1.0.20.930

Bkav FE
HW32.CDB
1.3.0.4246

Emsisoft Anti-Malware
Trojan.Generic.7307484
8.16.07.04.07

ESET NOD32
Win32/GameHack.GE
10.8819

F-Secure
Trojan.Generic.7307484
11.2016-04-07_2

G Data
Trojan.Generic.7307484
16.7.22

MicroWorld eScan
Trojan.Generic.7307484
17.0.0.558

NANO AntiVirus
Trojan.Win32.XPACK.sldcu
0.26.0.54818

Trend Micro House Call
PAK_Generic.001
7.2.186

Trend Micro
PAK_Generic.001
10.465.04

File size:
27 KB (27,648 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\downloads\patch.dll

File PE Metadata
Compilation timestamp:
7/21/2010 9:54:35 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:JLqn5p30IBRaWBiPmMmOFbmmAPVh9HP22N7LbLxBUv:JO51ZBR9oFbmmAPVz+27Ln

Entry address:
0x121A0

Entry point:
80, 7C, 24, 08, 01, 0F, 85, C2, 01, 00, 00, 60, BE, 00, C0, 00, 10, 8D, BE, 00, 50, FF, FF, 57, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 
[+]

Entropy:
7.7453  (probably packed)

Code size:
28 KB (28,672 bytes)

The file patch.dll has been seen being distributed by the following URL.

http://dc672.4shared.com/download/.../patch.dll?tsid=20160401-172401-cdb523a1&sbsr=d9009d7a10ff79d87e48c5ee0ef2bb1396d&lgfp=2000

Remove patch.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.