patch.exe

The executable patch.exe has been detected as malware by 6 anti-virus scanners. The file has been seen being downloaded from www.datafilehost.com.
MD5:
0820704f0e2954a9b45b74f65b8aefae

SHA-1:
3c655d233c1bf70cf34b36a29c367117d70a4625

SHA-256:
4da4c84fce284183bf04c5a6cdcafb07cf4242655a78a638f291c4564f458a63

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
12/25/2024 1:30:05 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | MSIL:Agent-BXF [Trj] | 160518-2 |
| Dr.Web | Trojan.DownLoader10.20383 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Generic.MSIL.Bladabindi.C8E7F440 | 16.07.17 |
| ESET NOD32 | MSIL/Bladabindi.AS trojan | 8.0.319.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.225.1578.0 |
| Norman | Gen:Variant.MSIL.Bladabindi.2 | 19.05.2016 01:04:49 |

File size:
302.5 KB (309,760 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\patch.exe

File PE Metadata
Compilation timestamp:
2/22/2016 2:21:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:9S/h5A29o2UQRTIZ8RXSf8dIW2HAYPo2pyIfI1usMkk/Wkkw1WxZ+BT5grMjtM/U:+T9o2UiMZHkdIW2o61WxZ+p5g4c

Entry address:
0x8AEE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.0105

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
27 KB (27,648 bytes)

The file patch.exe has been seen being distributed by the following URL.
