patch.exe

The application patch.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. The program displays context-specific advertisements in the browser and attempts to modify the browser's search provider. The file has been seen being downloaded from files03.arabsh.com.
MD5:
20228f94d873588fbe633cc69dd7bd78

SHA-1:
504aa60e8c1be337ce904feabe069be00e7a4861

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
12/28/2024 9:31:40 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Backdoor.Agent | 7.1.1 |
| Avira AntiVirus | TR/Agent.372736.19 | 7.11.127.152 |
| ESET NOD32 | Win32/HackTool.Patcher | 8.9350 |
| Fortinet FortiGate | Riskware/Patcher | 2/3/2014 |
| F-Prot | W32/Backdoor2.EUUP | v6.4.7.1.166 |
| IKARUS anti.virus | not-a-virus.Patch.Babylon | t3scan.2.2.29 |
| K7 AntiVirus | Backdoor | 13.175.10988 |
| Malwarebytes | PUP.Hacktool.Patcher | v2014.02.03.09 |
| McAfee | Generic.dx!20228F94D873 | 5600.7231 |
| Microsoft Security Essentials | | 1.165.247.01 |
| Norman | Suspicious_Gen.WV | 11.20140203 |
| nProtect | Trojan/W32.Agent.372736.CU | 14.01.29.01 |
| Quick Heal | HackTool.Patcher.A | 2.14.12.00 |
| Reason Heuristics | Riskware.Patcher.Meta (L) | 15.12.30.1 |
| Rising Antivirus | PE:Trojan.Win32.Generic.11EEBC2B!300858411 | 23.00.65.14201 |
| Sophos | Troj/Bdoor-AZC | 4.97 |
| Total Defense | Win32/Cracker.CG | 37.0.10498 |
| Trend Micro House Call | CRCK_BABYLON | 7.2.34 |
| Trend Micro | CRCK_BABYLON | 10.465.03 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25922 |

File size:
364 KB (372,736 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\babylon\babylon-pro\patch.exe

File PE Metadata
Compilation timestamp:
3/29/2009 11:07:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
6144:24flwmyhILM7ODDGI/2o6tFZHpjXmquld4GvYQ:2bm+IL2ODDL/36tFJpwdI

Entry address:
0x34CE

Entry point:
E8, 2D, 1B, 00, 00, E8, FC, 19, 00, 00, 8B, F0, 6A, 00, 68, 7C, 72, 40, 00, 56, E8, 69, 1D, 00, 00, A2, 27, 81, 40, 00, 6A, 00, 68, 83, 72, 40, 00, 56, E8, 57, 1D, 00, 00, A2, 28, 81, 40, 00, 6A, 00, 68, 8A, 72, 40, 00, 56, E8, 45, 1D, 00, 00, A2, 29, 81, 40, 00, 68, DC, 74, 40, 00, 68, 94, 72, 40, 00, 56, E8, 30, 1D, 00, 00, 3C, 01, 75, 19, BE, 2A, 81, 40, 00, 68, 00, 04, 00, 00, 56, 68, DC, 74, 40, 00, E8, 89, 19, 00, 00, 8B, C6, EB, 02, 33, C0, 50, E8, 7B, 1D, 00, 00, 6A, 00, E8, A6, 19, 00, 00, A3, 72...
 
Entropy:
6.7401

Code size:
17.5 KB (17,920 bytes)

The file patch.exe has been seen being distributed by the following URL.
