ptGamePatchup.EXE

ptGamePatchup Application

Mediaweb,inc.

The executable ptGamePatchup.EXE (“ptGamePatchup MFC Application”) has been detected as malware by 11 anti-virus scanners. It is infected by an entry-point-obscuring polymorphic file infector that joins a peer-to-peer botnet and receives URLs of additional files to download; the detections listed below identify it as the Sality family. Because this is a file infector rather than a standalone trojan, the host program (a Korean-language MFC game patcher, per its version resource) is only the carrier: the parasitic code travels in the infected binary and, once run, attaches itself to other executables, so other .exe files on the same system should be treated as suspect. The file has been seen being downloaded from pikadown.pikawarnet.com.
Publisher:
Mediaweb,inc.

Product:
ptGamePatchup Application

Description:
ptGamePatchup MFC Application

Version:
1, 0, 0, 1

MD5:
b19d3c2a5f974ce07793ad066eb85f1a

SHA-1:
7dcb9993b87316fe9dff8194d62b6d9c6ab21a11

SHA-256:
136b3218d32a230ecdab424595ce2b37c44128d43533809af1a98b066cc4e13c

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus; most of the engines below classify it as Sality, and the high entropy and pushad-led entry-point bytes reported further down are consistent with an encrypted, per-infection decryptor stub rather than ordinary compiled MFC code.

Analysis date:
11/16/2024 6:42:59 AM UTC

Scan engine                     Detection                      Engine version
avast!                          Win32:Kukacka                  160212-0
AVG                             Win32/Sality                   2015.0.4477
Dr.Web                          Win32.Sector.30                9.0.1.05190
Emsisoft Anti-Malware           Win32.Sality                   10.0.0.5366
ESET NOD32                      Win32/Sality.NBA virus         7.0.302.0
Kaspersky                       Virus.Win32.Sality             15.0.0.562
McAfee                          Virus.W32/Sality.gen.z         18.0.204.0
Microsoft Security Essentials   Threat.Undefined               1.213.5956.0
Norman                          Win32.Sality.3                 08.02.2016 04:24:12
Sophos                          Virus 'Mal/Sality-D'           5.23

File size:
133 KB (136,192 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright(c) 1999-2012 Mediaweb,inc. All rights reserved.

Original file name:
ptGamePatchup.EXE

File type:
Executable application (Win32 EXE)

Language:
Korean (Korea)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\ptgamepatchup.exe

File PE Metadata
Compilation timestamp:
5/1/2012 12:35:07 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:VLjGrY37nTuTjZ3lI4uhORyigM/KcZWO84VN0j6ijpo8k9OkefMZCqNM:VLjGrYIZl4hORyJM/KcCVxjpa9OjEoz

Entry address:
0x8DEC

Entry point:
60, 81, F9, A4, 14, 00, 00, 71, 02, 86, FE, C7, C6, 30, C6, 91, 0B, EB, 05, F6, C7, DB, 89, F5, 8B, F1, 86, D1, 69, F9, C3, 9A, 3F, E2, 33, F2, F6, C2, F3, 84, E4, B1, D8, EB, 02, 87, D9, BE, 5F, 08, 00, 00, 30, DD, 8A, F8, 85, E8, 6B, F6, 02, 8D, 1D, CC, F4, FE, 93, 6B, ED, 00, 89, D2, 87, EE, 72, 07, 88, F5, 84, D1, 0F, B7, D9, 81, ED, C2, 07, 00, 00, 3B, E8, 72, 07, 81, D7, CE, E8, 72, FA, F2, B8, 00, 00, 00, 00, 46, 84, CE, 95, FF, CB, 0F, B6, DE, 88, DD, 2D, EB, 02, 00, 00, 8D, 35, C1, DD, E0, A5, 32...
 

Entropy:
7.5223

Code size:
34.5 KB (35,328 bytes)
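The hashes, entropy and entry-point bytes above are the three pieces of evidence a responder can reproduce offline. The script below is an added example, not Reason Core Security's code: it computes the same MD5/SHA-1/SHA-256 values and checks them against the indicators printed in this report, measures whole-file Shannon entropy (the report's 7.5223 bits/byte; the 7.0 alert threshold is an assumption), and locates the entry point by mapping AddressOfEntryPoint through the PE section table so the first code bytes can be compared with the ones quoted above. The `build_sample_pe()` function produces a constructed, minimal PE32 for demonstration whose entry point carries the first 16 bytes listed in the report; it is not the real ptGamePatchup.EXE. The pushad heuristic is a generic packer/decryptor indicator, not a Sality signature.

```python
"""Offline triage for a suspect Win32 EXE: hash-IOC match, Shannon entropy,
and entry-point bytes located through the PE section table.
Added example for this report; not Reason Core Security's code."""
import hashlib
import math
import struct

# Hashes published in the report for ptGamePatchup.EXE.
REPORT_IOCS = {
    "md5": "b19d3c2a5f974ce07793ad066eb85f1a",
    "sha1": "7dcb9993b87316fe9dff8194d62b6d9c6ab21a11",
    "sha256": "136b3218d32a230ecdab424595ce2b37c44128d43533809af1a98b066cc4e13c",
}
# Assumed threshold: the report's 7.5223 bits/byte is typical of encrypted or
# packed code; ordinary compiled MFC code sits well below this.
HIGH_ENTROPY = 7.0


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the whole file, as the report lists them."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_entry_point(data: bytes, nbytes: int = 16) -> dict:
    """Minimal PE32 parse: read AddressOfEntryPoint, map that RVA to a file
    offset through the section table, and return the first code bytes there."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sect = opt + size_opt                    # first IMAGE_SECTION_HEADER
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, sect + 40 * i)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)
            return {"entry_rva": entry_rva,
                    "section": name.rstrip(b"\0").decode("ascii", "replace"),
                    "file_offset": off,
                    "bytes": data[off:off + nbytes]}
    raise ValueError("entry point lies outside every section")


def triage(data: bytes) -> list:
    """Return human-readable findings; an empty list means nothing noteworthy."""
    findings = []
    hashes = file_hashes(data)
    for algo, known in REPORT_IOCS.items():
        if hashes[algo] == known:
            findings.append(f"{algo} matches the reported ptGamePatchup.EXE sample")
    ent = shannon_entropy(data)
    if ent >= HIGH_ENTROPY:
        findings.append(f"high whole-file entropy {ent:.4f} (packed/encrypted code)")
    try:
        ep = pe_entry_point(data)
    except ValueError as exc:
        findings.append(f"PE parse failed: {exc}")
        return findings
    # pushad (0x60) as the first entry instruction is common to packers and
    # polymorphic decryptors; the report's entry bytes begin the same way.
    if ep["bytes"][:1] == b"\x60":
        findings.append(f"entry point {ep['entry_rva']:#x} in {ep['section']} "
                        f"starts with pushad")
    return findings


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 for demonstration only: one .text section whose
    entry point (RVA 0x1010, file offset 0x210) carries the first 16 bytes the
    report quotes. It is not the real sample."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1010)          # AddressOfEntryPoint
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200,
                          0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + section
    headers += b"\0" * (0x200 - len(headers))
    code = bytearray(0x200)
    code[0x10:0x20] = bytes.fromhex("6081F9A4140000710286FEC7C630C691")
    return headers + bytes(code)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(file_hashes(blob))
    print(f"entropy: {shannon_entropy(blob):.4f}")
    for line in triage(blob):
        print("-", line)
```

Run it with a file path to triage a real binary, or with no arguments to exercise the constructed sample. A hash match is conclusive for this exact sample; entropy and the pushad heuristic are only indicators and will also fire on legitimately packed software, so treat them as triage signals, not verdicts.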

The file ptGamePatchup.EXE has been seen being distributed from the host noted above, pikadown.pikawarnet.com; the common path under Temporary Internet Files is consistent with a browser download.

Powered by Reason Core Security