HackTool:Win32/Patcher

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	254
Threat Level:	10 % (Normal)
Infected Computers:	209,424

First Seen:	February 7, 2013
Last Seen:	March 29, 2026
OS(es) Affected:	Windows

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
Fortinet	W32/Malware_fam.NB
Ikarus	possible-Threat.Patch.QBES
AhnLab-V3	Malware/Win32.Suspicious
Sophos	Troj/QPatch-A
McAfee-GW-Edition	Heuristic.BehavesLike.Win32.Suspicious-PKR.K
AntiVir	TR/HostsMod
eSafe	Win32.HackTool.Patch
Avast	Win32:PUP-gen [PUP]
Symantec	Adware.Lop
F-Prot	W32/MalwareF.MVIA
McAfee	Generic.dx!tgm
Panda	Generic Malware
Ikarus	not-a-virus:RiskTool.Win32.Patcher
McAfee-GW-Edition	Heuristic.LooksLike.Win32.Suspicious.B
F-Prot	W32/Backdoor2.HMRI

SpyHunter Detects & Remove HackTool:Win32/Patcher

File System Details

HackTool:Win32/Patcher may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	winmm.dll	aa485b52bd986c416540c2ca0de1574b	1,216
Name: winmm.dll MD5: aa485b52bd986c416540c2ca0de1574b Size: 201.21 KB (201216 bytes) Detections: 1,216 Type: Dynamic link library Path: %PROGRAMFILES%\4KDownload\4kvideodownloader\winmm.dll Group: Malware file Last Updated: November 11, 2025
2.	z3x gsm x team.exe	b1823b2e249cb95614f3363dde4064d2	449
Name: z3x gsm x team.exe MD5: b1823b2e249cb95614f3363dde4064d2 Size: 106.58 KB (106589 bytes) Detections: 449 Type: Executable File Path: %PROGRAMFILES(x86)%\Z3X\Samsung\SamsungToolPRO\z3x gsm x team.exe Group: Malware file Last Updated: November 23, 2024
3.	2.exe	f20ef033547809a625d43a859a015d40	320
Name: 2.exe MD5: f20ef033547809a625d43a859a015d40 Size: 1.75 MB (1753088 bytes) Detections: 320 Type: Executable File Path: %PROGRAMFILES(x86)%\Z3X\Samsung\SamsungToolPRO\2.exe Group: Malware file Last Updated: November 11, 2025
4.	Z3X_Loader_24.3.exe	1fa73c95c16d5a36c53ed37904f1fe3a	312
Name: Z3X_Loader_24.3.exe MD5: 1fa73c95c16d5a36c53ed37904f1fe3a Size: 4.91 MB (4919808 bytes) Detections: 312 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\Downloads\descargas\SamsungToolPRO-24.3_New Loader By Gsm Hunter team\SamsungToolPRO-24.3_New Loader By Gsm Hunter team\Z3X_Loader_24.3.exe Group: Malware file Last Updated: July 1, 2025
5.	CST_patch.exe	dfdbf3e4c3e3b186b4fcea508c5a45a4	302
Name: CST_patch.exe MD5: dfdbf3e4c3e3b186b4fcea508c5a45a4 Size: 6.14 KB (6144 bytes) Detections: 302 Type: Executable File Path: %PROGRAMFILES(x86)%\CST STUDIO SUITE 2018\CST_patch.exe Group: Malware file Last Updated: January 31, 2026
6.	z3x pro box samsung v28.2 by m.waqas qamar.exe	450854c7adfd154757617c91c8eb2c6a	220
Name: z3x pro box samsung v28.2 by m.waqas qamar.exe MD5: 450854c7adfd154757617c91c8eb2c6a Size: 29.66 MB (29662208 bytes) Detections: 220 Type: Executable File Path: %PROGRAMFILES(x86)%\z3x pro box samsung v28.2 by m.waqas qamar Group: Malware file Last Updated: December 10, 2023
7.	netewaf.dll	97081546524693ba894ff166b3334913	103
Name: netewaf.dll MD5: 97081546524693ba894ff166b3334913 Size: 10.75 KB (10752 bytes) Detections: 103 Type: Dynamic link library Path: %SystemDrive%\Documents and Settings\NetworkService\Configuraci?n local\Datos de programa Group: Malware file Last Updated: February 11, 2013
8.	EASEUS Partition Master v9.2.2 [Patch].exe	57991e8b4e98fa78d992935b89e0a3ab	81
Name: EASEUS Partition Master v9.2.2 [Patch].exe MD5: 57991e8b4e98fa78d992935b89e0a3ab Size: 63.28 KB (63286 bytes) Detections: 81 Type: Executable File Path: %PROGRAMFILES(x86)%\EaseUS\EaseUS Partition Master 9.2.2\bin\EASEUS Partition Master v9.2.2 [Patch].exe Group: Malware file Last Updated: January 19, 2025
9.	Z3X FULL CERT GSM ANDROID.exe	6bc0271991f6afc9ba6e5cf0fc827830	78
Name: Z3X FULL CERT GSM ANDROID.exe MD5: 6bc0271991f6afc9ba6e5cf0fc827830 Size: 1.42 MB (1421312 bytes) Detections: 78 Type: Executable File Path: C:\Users\<username>\Desktop\hindi urdu tutorials\Z3X FULL CERT GSM ANDROID.exe Group: Malware file Last Updated: April 11, 2024
10.	Z3X Box 29.5 KeyGen by Cristian Pino.exe	ac9e71af6c6360b802e7a2787f842472	71
Name: Z3X Box 29.5 KeyGen by Cristian Pino.exe MD5: ac9e71af6c6360b802e7a2787f842472 Size: 1.83 MB (1833361 bytes) Detections: 71 Type: Executable File Path: C:\$Recycle.Bin\S-1-5-21-1204761261-1330941749-525983355-1001\$R7QAZV6.5\Z3X Crack V29.5\Z3X Box 29.5 KeyGen by Cristian Pino.exe Group: Malware file Last Updated: November 1, 2022
11.	Z3X Easy-JTag EMMC Odin By M.Waqas Qamar.exe	6dd1a96d1fa572958da55b9b26865917	65
Name: Z3X Easy-JTag EMMC Odin By M.Waqas Qamar.exe MD5: 6dd1a96d1fa572958da55b9b26865917 Size: 23.19 KB (23196 bytes) Detections: 65 Type: Executable File Path: C:\Program Files (x86)\TechnicalMicky.CoM\Z3X Easy-JTag EMMC Odin By M.Waqas Qamar\Z3X Easy-JTag EMMC Odin By M.Waqas Qamar.exe Group: Malware file Last Updated: January 15, 2025
12.	Z3X Box 29.5 KeyGen.exe	90dc3f6847b6cc0634532b84d80b01f2	28
Name: Z3X Box 29.5 KeyGen.exe MD5: 90dc3f6847b6cc0634532b84d80b01f2 Size: 1.75 MB (1759838 bytes) Detections: 28 Type: Executable File Path: %SYSTEMDRIVE%\$Recycle.Bin\S-1-5-21-3786081526-2701289992-1661861654-1001\$R4RBAIS\Samsung\SamsungToolPRO\Z3X Box 29.5 KeyGen.exe Group: Malware file Last Updated: August 4, 2023
13.	Z3X 29.5 LOADER.exe	41b9d047c3e7f6ffd165ab5762541851	27
Name: Z3X 29.5 LOADER.exe MD5: 41b9d047c3e7f6ffd165ab5762541851 Size: 1.35 MB (1351105 bytes) Detections: 27 Type: Executable File Path: %SYSTEMDRIVE%\$Recycle.Bin\S-1-5-21-3786081526-2701289992-1661861654-1001\$R4RBAIS\Samsung\SamsungToolPRO\Z3X 29.5 LOADER.exe Group: Malware file Last Updated: August 4, 2023
14.	Reflexorator v1.2 by ANON. (TAC).exe	473f823139ac44cbddb963bef45e7d91	16
Name: Reflexorator v1.2 by ANON. (TAC).exe MD5: 473f823139ac44cbddb963bef45e7d91 Size: 34.28 KB (34280 bytes) Detections: 16 Type: Executable File Path: C:\Users\<username>\Downloads\juegos\29 BigFish games\Agatha Christie - Death on the Nile\Agatha Christie - Death on the Nile\Reflexorator v1.2 by ANON. (TAC)\Reflexorator v1.2 by ANON. (TAC).exe Group: Malware file Last Updated: December 2, 2024
15.	antidote8vx_patcher.exe	18116d4edefb89dc09e4b65a861bfb17	13
Name: antidote8vx_patcher.exe MD5: 18116d4edefb89dc09e4b65a861bfb17 Size: 12.8 KB (12800 bytes) Detections: 13 Type: Executable File Path: C:\Users\<username>\Documents\document\Ergothérapie\Cabergo\Correcteur Orthographe\Antidote_8_v2\Antidote 8 v2\antidote8vx_patcher.exe Group: Malware file Last Updated: March 19, 2026
16.	CSTpatcher15.exe	7733cf71943459afbdc206687d013ff0	10
Name: CSTpatcher15.exe MD5: 7733cf71943459afbdc206687d013ff0 Size: 5.12 KB (5120 bytes) Detections: 10 Type: Executable File Path: C:\Program Files\DownStream Technologies\2021\CAM350 14.6\CSTpatcher15.exe Group: Malware file Last Updated: March 1, 2025
17.	Nbt.exe	b1c6f0b2e02654e415a04f1cb968cd4d	8
Name: Nbt.exe MD5: b1c6f0b2e02654e415a04f1cb968cd4d Size: 723.96 KB (723968 bytes) Detections: 8 Type: Executable File Path: %APPDATA%\Nbt Group: Malware file Last Updated: February 11, 2013
18.	UrT 4.exe	8163275f3b4a12fbe7cab0964e6558ea	7
Name: UrT 4.exe MD5: 8163275f3b4a12fbe7cab0964e6558ea Size: 184.37 KB (184370 bytes) Detections: 7 Type: Executable File Path: %USERPROFILE%\Bureau\Jeux\UrT 4.DDLZ Group: Malware file Last Updated: May 5, 2020
19.	system.exe	658cc07d556ec28441721d48aa054f9d	4
Name: system.exe MD5: 658cc07d556ec28441721d48aa054f9d Size: 50.24 KB (50240 bytes) Detections: 4 Type: Executable File Path: %SystemDrive%\Users\<username>\AppData\Roaming\System Group: Malware file Last Updated: February 11, 2013
20.	Wrar3reg.exe	88203a4cae65575159d01619194664f6	3
Name: Wrar3reg.exe MD5: 88203a4cae65575159d01619194664f6 Size: 26.11 KB (26112 bytes) Detections: 3 Type: Executable File Path: C:\Program Files (x86)\WinRAR\Wrar3reg.exe Group: Malware file Last Updated: December 16, 2023
21.	I3BSvr_ABC.exe	be18faf6979307b62837c1f035bdb276	2
Name: I3BSvr_ABC.exe MD5: be18faf6979307b62837c1f035bdb276 Size: 58.62 KB (58624 bytes) Detections: 2 Type: Executable File Path: %WINDIR%\system32 Group: Malware file Last Updated: February 11, 2013
22.	%SystemDrive%/windows/conhost.exe	7c7bb14c7744966010821c56851eb38e	1
Name: %SystemDrive%/windows/conhost.exe MD5: 7c7bb14c7744966010821c56851eb38e Size: 54.27 KB (54272 bytes) Detections: 1 Type: Executable File Group: Malware file Last Updated: February 11, 2013

More files

Registry Details

HackTool:Win32/Patcher may create the following registry entry or registry entries:

File name without path

created by Download's team.exe

Analysis Report

General information

Family Name:	PUP.Patcher
Signature status:	No Signature

Known Samples

MD5: de3196328c8cadc061bcb0fa7a9a0c07

SHA1: c4ed54b54de9d6dc708af4deb8e7af3929188a63

File Size: 389.76 KB, 389764 bytes

MD5: e0f6b769f187595d1454f5d3eb80ebd9

SHA1: d135d647c7c46899f87e778e348961dcc5e17809

File Size: 86.02 KB, 86016 bytes

MD5: 236e6a8f47cfd6f159a9f51ea2a05617

SHA1: d4546c3ed2be39c5b65e72088128a41b90da163b

SHA256: DCD5041483064E3AD98914B94CFDCDFB411D257B7D80744F7AFC7074E0FD4DB2

File Size: 179.87 KB, 179872 bytes

MD5: e0df4eb9b63da0c6adfef9e5c9f2a8e2

SHA1: d929ece2248ac26a0ef23e024deb7dfcb3b77e9d

SHA256: 2AC2AF3C96A990BCF1A31FF54CB7C4B427ED7B5B8466A6CA346D46F17D22123D

File Size: 171.52 KB, 171520 bytes

MD5: 12b55074678f6b23900bf946a73804d0

SHA1: f018c4fb7db8846f6848a79d992a5dc4b27f0614

SHA256: DA2AC1081D67D4130EE62D1C9799641095AAAE5042D66C75EA437CCB9208B55A

File Size: 389.79 KB, 389794 bytes

MD5: d84a789cc503a71906e1000d4faa00ef

SHA1: 5b8fc61f33924c26a1ee2ac371704eba1dbc1b06

SHA256: FCFF79B2CECF4981AB145EC504F9365F7B55066864F6BF481BC2674330BE403D

File Size: 12.29 KB, 12288 bytes

MD5: b2e9734615b83df72ba0c9e7bf284d5b

SHA1: c3bce8170e5d4f6bd79f5ce7366419e576a5d76e

SHA256: AA8050723DF89946EB9A4E88C6AA3BB0ACD3559F83183F3ECA29E710B7BE8BF2

File Size: 2.01 MB, 2014728 bytes

MD5: 5061d372663063902fee16b02ef1fe3c

SHA1: 92069d8bc4753cfcb8356bb1960ed5be0bbb457a

SHA256: 05023ED8A8585C9A9DB5ABF7DA10453E38DEB1CDF678E75E299E65DA24C2C041

File Size: 14.34 KB, 14336 bytes

MD5: a06e3851ebecd31bc81ae18244bef7a0

SHA1: 0170d22d305b12ef46769f470a240e0e5206d4da

SHA256: 77C121EDBD5576AABC8BA7028C29407C2377CD4A8D6578FADA20F691E9610E60

File Size: 542.03 KB, 542032 bytes

MD5: 1fcc02eebbc384abb03394e4427a52f7

SHA1: 74d7cc29ca72273d5e8096146ea3b2511ca56da7

SHA256: 502ADC342F511612F86181BF0793541F82B9CC3AB94E633F36A8A529E3F400DF

File Size: 1.31 MB, 1307648 bytes

MD5: 726707744c1aeaebdf0c2a5d74821dbb

SHA1: a6341c3aa7e5291a2a24e9697380485ac2c421c1

SHA256: 6365017F8F41072026F88BF362722B3FC32A28FDDB855370B484F27E0C032C90

File Size: 81.41 KB, 81408 bytes

MD5: c6734351950d981bdb9b120e2b6168fb

SHA1: ebe5e001193a20f7d0471f30ba817da2974c0839

SHA256: A4C478721F17E79DB6CBEFB4DCEF4DA2C8178A0A2DB1572740AD6246EE694A24

File Size: 227.46 KB, 227456 bytes

MD5: 8888dce2b767b5c84d0e0a81e1c61d35

SHA1: b216f3a9f2c39a3a4a310b05b647c9a3db9e4541

SHA256: 16A143583CA73662E5172FECB12F45300C28FA5BAFF55E90933FA5E1EAA8D472

File Size: 1.54 MB, 1542144 bytes

MD5: 16b4258332d36e3515ac5cfa1abe48ea

SHA1: c729c484d0f1df005edfc0d394d2589606594f42

SHA256: E4F0669504B92CEC4A6C5147CB052876C96E40C8516095430165ECB303D9076A

File Size: 111.61 KB, 111611 bytes

MD5: 64edf271468d12d3a6c3e03e7c36c268

SHA1: ad84dfdf26af659db9267948696351ba8dfd079d

SHA256: 75252D89919C8F6AF68EF0633F2579C9D241DBD81454F255BD611FD0B33C67B8

File Size: 562.69 KB, 562688 bytes

MD5: be4837d72dc2e3ee8480a61e1045267f

SHA1: 1f0092b274fc484b1bbb83f8f30e54459e6015c8

SHA256: 7AB9131EBC884EB0833A3629E8074C6AD662243080C4E3449866151EEBB6EFAC

File Size: 113.15 KB, 113152 bytes

MD5: 0545cbc7d5a65cc321f2fc8c5731bf40

SHA1: 1346f61f5c81e275f073cea13b8fad980de51d44

SHA256: AFB3538C48A65C8C5CE0989810EC5F72F23BE78C20EA6E4DC9180F6B4F82267A

File Size: 433.15 KB, 433152 bytes

MD5: 7da06ba20a86c4bf7bc017bf0703b4b1

SHA1: d6960df9c1a01d77052d4d4bcce83df0f96db498

SHA256: FEAEEFD145861E7816F2FF98932A898BE5402C15F4ED69A1D9E0D6BF8F973697

File Size: 1.72 MB, 1721199 bytes

MD5: 5fc59c32c7659d8ec71177a6067a71bd

SHA1: 259b9061934d083ce59fe3f2debbc29abb57b5e8

SHA256: 1CECA7DD16F6FDDEC70F9463C674A837E9630F2FCB8B7C924742F9556C5813D7

File Size: 16.90 KB, 16896 bytes

MD5: 8983cd213426f419ba7436667fc2e9df

SHA1: 6fe3a02822c66a9ca65276cda033026ae6ca47cb

SHA256: 4DC7B48061CB7D6F083A0D293A07485F89D12BD21B2B7EFFF1B59938A09CFBE4

File Size: 389.79 KB, 389794 bytes

MD5: 75d829b7fbf4e3be3bc134777a6f672d

SHA1: 2026b932afba9613c56018f962d17a4c7c2d5ed7

SHA256: A1D1E8418A43CC8C68A6D4A1CB9B79065742A0EADEF310207B075760E94E783C

File Size: 68.40 KB, 68399 bytes

MD5: 3d44818e435a57f9b03b032ee69d4181

SHA1: f233387cbcd42cbd7d0dfe87e7a21b89a843d899

SHA256: C31ADFBB98C64B2CCB0FF188104D702BC0B9E2E2BA8679921FBA2916339BEA3C

File Size: 298.19 KB, 298192 bytes

MD5: c6e4ed3365b90053a9ae473959383fe6

SHA1: 1dcd3053053ad935443c6b1afc35c8bfd4ed309c

SHA256: 87F135AF140965F19BC019629162C7F76FD6F989E8C09AA554E7C3819AB0A2D2

File Size: 1.01 MB, 1012224 bytes

MD5: f7ca5d556f63925821110b550446f7ca

SHA1: 8dc96c1eb56fc67c77e327c9e6d81379777b11ec

SHA256: C6537BFF110DC3E5CF21B0CA0673D23D755AF2796B6BC61E71CB0331A1E50E2A

File Size: 248.47 KB, 248472 bytes

MD5: 795aab36d912dfaceff07071174e3c57

SHA1: 3649e4fbfb01bed60d34d4cde8266c097ea22b40

SHA256: CA0C02A7FA5BB494DF9252D09D2D55339E55DCAECE526B77DC8F49027A4C9991

File Size: 180.22 KB, 180224 bytes

MD5: 4fbdfa89596efbbaca32c04f10fe1701

SHA1: c13fb1e8a5ecbbf9f97a5f97edde26a730845a1d

SHA256: B1F887192B8AD5360FFC56AD832BA0803EAFB5513D010E6AA4B10D502A6DD06E

File Size: 389.80 KB, 389804 bytes

MD5: 6f28112ce8ea0e439f7fb2f1b86877c6

SHA1: 8f8bde4ce198fc29ac907903950bbae11edb4c1d

SHA256: 14531AFEB7B89CE11FEF16DE7D1A3AB10623993CB6FC8EC12632456C889432F7

File Size: 1.11 MB, 1110528 bytes

MD5: 692df0f7602079cfce0c7bb7ec6f3772

SHA1: 1c1791f9664a367955b2ef831adc28ba403fbe30

SHA256: 92CE291436945CEE5E65DFEF95E91BBF46568C7DB9BF2AF285E2C8DEA9199FDB

File Size: 11.39 KB, 11394 bytes

MD5: 338b6827e7043114f3b412f7d02701d1

SHA1: 64340f25a2f8a15d2205507f032fabf5e3948c9f

SHA256: 791AAF1B565FD859B232B7068E6775C8CDF65F9A6D9CFF5D91E086B250E0C44E

File Size: 389.78 KB, 389781 bytes

MD5: 66a780d78fa36814245540a2d5a07375

SHA1: 31e7365451bc62fa2ef9960295380988c33d2cb1

SHA256: 9C7ACB3DBF6F631E73189DA3A53E5DEE694E0D38F2EA6D41F9B4E00CE23FE5D5

File Size: 704.97 KB, 704967 bytes

MD5: 240c2b3788b20d4b50a18ea206979899

SHA1: c39c5528ea589e0f2613fdee795787c7a2073b26

SHA256: 2A8A437057A8E4847611668FD1553B1C47465763C60FEF39C997E58F13E482D5

File Size: 101.41 KB, 101408 bytes

MD5: 01822f2673d70ce287fa59816e0fc5a1

SHA1: 9c3cb69fd8fcd8a928f5c88db62f2b15360137a3

SHA256: 960BCAEBF02BA2BF7BBDADFADDBC6FCF3E6DEF5BC6B95931EA0DE69DDD413549

File Size: 389.78 KB, 389778 bytes

MD5: 333d15ad5d35d4545e9021eb7e4f3452

SHA1: 8207ffc011b738ef3d3b1a8a32e2100f579a4ddc

SHA256: 5AC93B1440C66430B4604843236CC50A68AC3E204385E87E019149CE7C79EE56

File Size: 718.34 KB, 718336 bytes

MD5: 8ad1f5be7224b74f3cfd15f35365094f

SHA1: 5ca5967e0d4a300762dc2475b1b42e9c688b405f

SHA256: A6C1C58158C3DFF820B996B11A0EE5C122DC2DBF3146F271CEC32E78BAD2BAE1

File Size: 3.13 MB, 3129344 bytes

MD5: 1c9fea2ae5d510a487105bfe61c9ffe9

SHA1: 4eb53f791690458bd98fc288b43e59d2035c10e8

SHA256: 33331C9F1B7F73F8B9A24755FECB40509A9E52908F1DED2C448DF8BE0E88FC28

File Size: 389.79 KB, 389793 bytes

MD5: b02be0e0148f316e22d37c7f16127e10

SHA1: 66a4367d18fa9e2d54d43878d1b995d262f5f511

SHA256: 31BFCBF9D3F0127C8D5BC3FA8302475928ADA55F0050E072DFDF326557F9F101

File Size: 389.79 KB, 389786 bytes

MD5: 1643e9501ad1d730776ad30da251e0bb

SHA1: 4f2e9d15dd7b489fc434859afdbeda2bea84e877

SHA256: 0E76C2DD546159D3EA984FD47245FEFDD45578E4C16670C18DEF31875EC6C93C

File Size: 1.54 MB, 1536411 bytes

MD5: ce0e85d332f1d56d2c01e25b0409df90

SHA1: 6c78d0f5ad64bd7c8c165415c13a1c1a51623028

SHA256: 614D37613E3A247E9090F5E43B255505EFE1E4CCDDA8FC7178E21C5BBFEF2AB2

File Size: 153.60 KB, 153600 bytes

MD5: c7ce20e029967eb8a1b48cd1f4905fa9

SHA1: 59ebf75f343c3240f4840fca7a7f9f772ecdbc92

SHA256: 7244D7A54D57D66528697FD433B0B2E12D504F07D2AEA6D1E71C1A5D33F6DC55

File Size: 1.48 MB, 1482752 bytes

MD5: 9ad3e684006dab7b60d77646309b9c23

SHA1: 5e162e5fac161da66dcbdc794ff59c56b52934b9

SHA256: 2267955C3E7BFF12A504FBAF266E1435FC98F91AB0FAF1700052B08FCF421366

File Size: 1.07 MB, 1069591 bytes

MD5: 402aef9fa4c9951abe7b4a5c80d0d556

SHA1: 0bc08144744b018918298356b5d3c4fbb7f5840e

SHA256: 758692AD67009ED550CB8ACEEE3352EBAD63A16AEF30908B3DA53E1B35C9899F

File Size: 200.32 KB, 200324 bytes

MD5: 2b24105b3aebc9d778d283c496dbf38a

SHA1: 3c8a2b229954b8bcfdb68242d38f85e8fd89f503

SHA256: E9E9C0761E21D3E26A837682F8C3EED2420055DDF10AC1FCC7C6A9F2213121CF

File Size: 1.17 MB, 1166688 bytes

MD5: a31b3fd4a26451ceecaf7d6990399948

SHA1: 6be5e39cb5cda57ea43520e1cfafd217144150ed

SHA256: 5C11BA6E2AC2BDF4869A6D1B62C30C1813653DE90C2A8A7C506A80FB3FDB22EE

File Size: 389.78 KB, 389778 bytes

MD5: 88b56a1ab51d58c4e499c245aad55e07

SHA1: f5fe73df3c83f2c8351989c0c86edb2265e5a6c3

SHA256: E500A148AD6A7FFAE2F11646BEC38F21E8EC2302EA5817B2FD888A589C56DA9E

File Size: 1.92 MB, 1921024 bytes

MD5: f36696103cf0ad30c4d4ce82dde8855d

SHA1: c37a734eb6e53f943a1e5e6d9dc2d01c4751883c

SHA256: 5DB06ACFC6EE327C37FC0221B06AF95AFB8FAC859F8F92E6C2932F0C2A4B1796

File Size: 103.94 KB, 103936 bytes

MD5: efb6c543dec3b785de5a2e31477c317a

SHA1: af355d3be04bee04636b7d0ef90e59cda5d2bff0

SHA256: 83D1882BDB8C84E1F7F7C61FFA94D00386307509C44A9C939A7ED581608CB1FF

File Size: 33.28 KB, 33280 bytes

MD5: 0057d61973eee2c333a9365926c19fd5

SHA1: 53e32919a619f1c228046be72fe0369e58b08b96

SHA256: 13E1FE2EA86DAC62935ECEB6FC8E7C1A52A66F830699FF1B1B03BB757C51A54A

File Size: 718.34 KB, 718336 bytes

MD5: e73109a83803fe5fe655c965aed4b6ce

SHA1: 126eaa1e782a88cd2e16bbed0e79388069d97935

SHA256: 6BBCF9EB60DB55199F7C3D36D2090B6A210630589E85B86A95277AEAB509687B

File Size: 307.02 KB, 307024 bytes

MD5: 8184b14c25baaeddc270f7f13b248207

SHA1: 2e14ae67c012e1701b1d21a0703e4606996a3dd5

SHA256: AF4A5EAE57BCF1FBFE3B3608C3B9BDAB0DD9E5FC862C072CCDE863A336B7E6CF

File Size: 3.14 MB, 3136000 bytes

MD5: e32df3c6f8aee898d382677d6b2ae873

SHA1: 2af39cce0f9771f90e4a1602f5c31dd4c2e4e04a

SHA256: 16593AAB065B81A6A57E4A1ED8197AAFC40E1DC5587CECC916F80576EDEB9E3D

File Size: 389.78 KB, 389783 bytes

MD5: 2cb34d67291a6b12020a54930314deb6

SHA1: c078293ca588194628e5a7e1e16f51ca025b12b0

SHA256: AB65529778A47CA9AC6952077C1E7C7A0A32D3FA62464AF37216F190460369EE

File Size: 665.13 KB, 665127 bytes

MD5: 266aa97108ade4712883378d83553ce0

SHA1: 2998cf112b0dc116a451c644887a19309e9e8940

SHA256: 6AB2A44A479F875A2D3BDFAAE190280C92AFB71885792F94EA263279B0AB65FB

File Size: 389.80 KB, 389804 bytes

MD5: ec29aad202da949f9c98c947748f2774

SHA1: 7f2d6838780cf9e55a5b6d32203b873b01b408f6

SHA256: 30A74EFC1C963735897E5616062FE571D81D78863416DD2C225DE853F5D91EA5

File Size: 827.39 KB, 827392 bytes

MD5: e7fe5df97ce43a383c3327b983086c0e

SHA1: 9a8c29e72c8e2b12175ebcd49c509c99751fc3c3

SHA256: A5E28983DD5F07102CA13C25462682BDE2F72D50B23FC80BB8E85D38D84D61F8

File Size: 111.62 KB, 111616 bytes

MD5: d96d4b56058a36f7b8e9df148c173c2e

SHA1: 4b2487cc35dd931ba84af24079fd4c1c53fcdd24

SHA256: 031574C087112B585C6B517AC25D0069A9452C4F68FA7F2BA56D21204A62923A

File Size: 95.08 KB, 95080 bytes

MD5: 56abf62c5c232698c812ab8abc717cad

SHA1: c2fb1ad7a1e838a234e6bfd9d9985f110301a32a

SHA256: 33CB542E0D27355BAFFFC80C58C31DE7B29E3CAFC292F2A62E39F6C00C3D126B

File Size: 215.65 KB, 215648 bytes

MD5: fd01fbe07b36c00437a5ba8f7a6a3723

SHA1: 36cbb62cc129e9867343f56b582cb4f5400bc370

SHA256: 1D6318FF57356E3036A9A7E8DFC839DB2182068F1AF7E6A8CB008C09A730EBB6

File Size: 437.76 KB, 437760 bytes

MD5: 675fb2b67c2b7742337367fffbbc541b

SHA1: 14cbca663c096b42c95fab3f84f99257995977ef

SHA256: 37C0BC9D0FAC19298C76C5A94AB8A05BEB8096A07434F51CE159D7BEB759A0D3

File Size: 389.81 KB, 389812 bytes

MD5: fb98492258cdbdcf24c9a69a47f2676e

SHA1: bc9979682bf3070c36cf1d07369b33c3aee94294

SHA256: 02EFFFA91FC7A28216D5EDAA978B582F097BF79BF326A513481897A449B82C6D

File Size: 543.06 KB, 543056 bytes

MD5: 5f0e849a99c852d90ddb308d90cd6adf

SHA1: d639bba9f4d80fe1048e5b3bd6313be779bac66a

SHA256: 462C9765A8609FA06578D9251F2C1A1F8505404088B9B6F0B26AEB1D6798C460

File Size: 390.14 KB, 390144 bytes

MD5: 74afd886275ec3d9125dcd3cee809724

SHA1: 9e93d93eb6de79b95e70378fab1f17506f112de6

SHA256: 058010FB37AAE5BB809A64B07DD626C02B6232105700B807EB6A55C4A805DD58

File Size: 394.05 KB, 394046 bytes

MD5: 55dfc3d416f87ac3b58a7888e92316bb

SHA1: bd8533409abbdd38080ac0190e60294821fb3322

SHA256: AC43C679B9ABF02F88302E76E6C7E080D58DCB03B57DBFE790878549F2B025BC

File Size: 716.14 KB, 716136 bytes

MD5: 62eb5332291676c6562f5fc5a76bd9e2

SHA1: 0a4a298f9ccdc82dd1d9a772d23864d668f99fa9

SHA256: 049FC03C81ACB28E9C8B541BF0C23413812ED9288CFEAD6D74DDF75784562E04

File Size: 389.79 KB, 389793 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is .NET application
File is 32-bit executable

File is 64-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

46 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Assembly Version	2.1.0.0 1.0.0.0
Build Date	12-02-2021 19:27:00 13-07-2021 09:33:36 20-03-2021 12:58:29
Comments	Allows MiPony to be run from a removable drive. Allows NetSetMan to be run from a removable drive. Allows SQL Server Password Changer to be run from a removable drive. Crack uxtheme, free your Windows supports 3rd party desktop msstyle themes. OldSkools ProMod PatchKeyboard TCP/IP Half Open Connection Limit Patch & Monitor
Company	EiTheL
Company Name	Bome deepxw DoomStorm Irduco Microsoft OldSkool
Description	EiThel Patcher
File Description	CODEX Language Changer File created by ScAEvoLa's PatchEngine Language Changer MiPony Portable Launcher NetSetMan Portable Launcher Neues Tastaturlayout mit Punkt statt Komma auf dem Nummernblock Patch (created with Dogbert's GPE) Patch created by Tola's Patching Engine ProMod Restorator Patcher Show More SQL Server Password Changer Portable Launcher TCP-Z, TCP/IP Connection Patch and Monitor. Universal Theme Patcher For Windows WiiGSC
File Version	2.6.0.66 2.1.0.0 2.00 2.0.0.0 1.33 1.5.0.22 1.4.0.0 1.4 1.1.0.0 1.00 Show More 1.0.0.90 1.0.0.0
G P G Version	1.06.0.0000
Internal Name	language_changer.exe MiPony Portable Launcher NetSetMan Portable Launcher ProMod.exe ResPatcher SQL Server Password Changer Portable Launcher TCPZ.exe TJprojMain UniversalThemePatcher.exe WiiGSC.exe Show More Win
Internet	http://www.amok.am
Legal Copyright	(c) 1999 by Florian Bömers (c) 2009 deepxw. All rights reserved. (c) 2016 Dirk Schwarzmann CODEX © 2015 Copyright (C) deepxw 2008-2009. All rights reserved. Copyright © Irduco 2010 Copyright © Tola[AmoK] 2000,2001 DoomStorm OldSkool
Legal Trademarks	DoomStorm OldSkool
Original Filename	language_changer.exe MiPonyPortable.exe NetSetManPortable.exe ProMod.exe ResPatcher SQLServerPasswordChangerPortable.exe TCPZ.exe TJprojMain.exe UniversalThemePatcher.exe WiiGSC.exe Show More Win.exe
Product Name	CODEX Language Changer Language Changer MiPony Portable NetSetMan Portable Project1 ProMod Restorator SQL Server Password Changer Portable TCP-Z Universal Theme Patcher For Windows Show More WiiGSC Win
Product Version	6.1 2.6.0.66 2.5.0.0 2.1.0.0 2.0.0.0 1.5.0.22 1.4.0.0 1.1.0.0 1.00 1.0.0.0
Productname	PatchKeyboard

Digital Signatures

Signer	Root	Status
DoomStorm	DoomStorm	Self Signed
Alawar Entertainment Inc	Symantec Class 3 SHA256 Code Signing CA	Self Signed
deepxw Software	deepxw Software	Hash Mismatch
deepxw Software	deepxw Software	Self Signed

File Traits

$Id: UPX
.adata
.aspack
.NET
.sdata
.UPX
00 section
2+ executable sections
ASPack v2.12
Autoit

big overlay
CryptoObfus
HighEntropy
Installer Manifest
NewLateBinding
No Version Info
packed
RAR (In Overlay)
RARinO
Reactor
Reflective
RijndaelManaged
SIM
UPX
upx
UPX!
UPX lock
virut
WinRAR SFX
WRARSFX
WriteProcessMemory
x86

Block Information

Total Blocks:	520
Potentially Malicious Blocks:	0
Whitelisted Blocks:	520
Unknown Blocks:	0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Autoit
Autorun.KA
BadJoke.TH
BadJoke.XA
Chapak.HBX

CobaltStrike.GI
CobaltStrike.GIA
Delf.AJ
Delf.Q
Delf.XA
FakeInstaller.A
Injector.XG
Lotok.J
MSILZilla.TC
Nethief.B
Patcher.B
Philadelphia.A
Philadelphia.B
Rozena.XC
Spy.Agent.KG
Stealer.UHBD
Stealer.UHBE
Stealer.UHBF
Stealer.UHBG
Stealer.UHEA
Stealer.UHG
Stealer.UHN
Stealer.UHO
Stealer.UHV
Stealer.UHY
Stealer.UJC
Trojan.Agent.Gen.VN
Trojan.Filecoder.Gen.BM

Files Modified

File	Attributes
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll.000	Generic Write,Read Attributes
c:\program files\internet download manager	Synchronize,Write Attributes
c:\program files\internet download manager\__tmp_rar_sfx_access_check_2145640	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\internet download manager\idman.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data

c:\users\user\appdata\local\temp\4eb53f791690458bd98fc288b43e59d2035c10e8_0000389793	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\6fe3a02822c66a9ca65276cda033026ae6ca47cb_0000389794	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\9c3cb69fd8fcd8a928f5c88db62f2b15360137a3_0000389778	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\acknowledge -brk-.fon	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bassmod.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bit1.fon	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\c13fb1e8a5ecbbf9f97a5f97edde26a730845a1d_0000389804	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\c4ed54b54de9d6dc708af4deb8e7af3929188a63_0000389764.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\dup2patcher.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\f018c4fb7db8846f6848a79d992a5dc4b27f0614_0000389794	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\gotham nights.ttf	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd305b.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nseb8e6.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nseb8f7.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nseb8f7.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nseb8f7.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsj30cb.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj30cb.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsn25ba.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsn25ba.tmp\execdos.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn25ba.tmp\execdos.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsn25ba.tmp\nsisfile.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn25ba.tmp\nsisfile.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsn25ba.tmp\registry.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn25ba.tmp\registry.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsn25ba.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn25ba.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsn2609.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn2609.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nst306c.tmp\execdos.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nst306c.tmp\nsisfile.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nst306c.tmp\registry.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nst306c.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsubacc.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsubacc.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsx3424.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx3424.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsy25b9.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\rarsfx0	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2144656	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2925984	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\ebook converter bundle crack uret.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ebook converter bundle crack uret.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ebook_converter_bundle_patch_uret_v1.2.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\ebook_converter_bundle_patch_uret_v1.2.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\runpatcher.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\runpatcher.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\tcpipx86.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\tcpipx86.exe	Synchronize,Write Attributes
c:\users\user\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3119368278-1123331430-659265220-1001\53f99c8554a4762c5199ddb27231004e_bfeb5820-9643-42ad-a79f-071dff4d8e64	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3119368278-1123331430-659265220-1001\549b9b645cadfe6bb4bc69cf363c354c_bfeb5820-9643-42ad-a79f-071dff4d8e64	Generic Write,Read Attributes
c:\users\user\downloads\bassmod.dll	Generic Write,Read Attributes
c:\users\user\downloads\igi.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\igi.exe	Synchronize,Write Attributes
c:\users\user\downloads\miponyportable.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\netsetmanportable.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\sqlserverpasswordchangerportable.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\appcompat\programs\amcache.hve	Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve	Write Attributes
c:\windows\system.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\system32\drivers\etc\hosts	Generic Write,Read Attributes
c:\windows\system32\kbdgr10.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\system32\kbdgr11.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\syswow64\kbdgr10.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\syswow64\kbdgr11.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\cryptography\oid\encodingtype 0\cryptdllfindoidinfo\1.3.6.1.4.1.311.60.3.1!7::name	szOID_ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION	RegNtPreCreateKey

HKLM\software\wow6432node\microsoft\cryptography\oid\encodingtype 0\cryptdllfindoidinfo\1.3.6.1.4.1.311.60.3.2!7::name	szOID_ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\cryptography\oid\encodingtype 0\cryptdllfindoidinfo\1.3.6.1.4.1.311.60.3.3!7::name	szOID_ROOT_PROGRAM_NO_OCSP_FAILOVER_TO_CRL	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Zxyylxmy\AppData\Local\Temp\nsn25BA.tmp\registry.dll	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Zxyylxmy\AppData\Local\Temp\nsn25BA.tmp\registry.dll\??\C:\Users\Zxyylxmy\AppData\Local\Temp\nsn25BA.tmp\	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\control\keyboard layout\doskeybcodes::00020407	gr	RegNtPreCreateKey
HKLM\system\controlset001\control\keyboard layout\doskeybcodes::00030407	gr	RegNtPreCreateKey
HKLM\system\controlset001\control\keyboard layouts\00020407::layout file	KBDGR10.DLL	RegNtPreCreateKey
HKLM\system\controlset001\control\keyboard layouts\00020407::layout id		RegNtPreCreateKey
HKLM\system\controlset001\control\keyboard layouts\00020407::layout text	Deutsch (Punkt)	RegNtPreCreateKey
HKLM\system\controlset001\control\keyboard layouts\00020407::layout display name	Deutsch (Punkt)-Tastatur	RegNtPreCreateKey
HKLM\system\controlset001\control\keyboard layouts\00030407::layout file	KBDGR11.DLL	RegNtPreCreateKey
HKLM\system\controlset001\control\keyboard layouts\00030407::layout id		RegNtPreCreateKey
HKLM\system\controlset001\control\keyboard layouts\00030407::layout text	Deutsch (IBM, Punkt)	RegNtPreCreateKey
HKLM\system\controlset001\control\keyboard layouts\00030407::layout display name	Deutsch (IBM, Punkt)-Tastatur	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disabletaskmgr		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disableregistrytools		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317		RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655		RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324	#	RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993	ƣ	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986	http://www.eri.edu.pk/images/logo.gifhttp://fourline.com.tr/i	RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331		RegNtPreCreateKey
HKCU\software\apcr::u1_0	⠺첖	RegNtPreCreateKey
HKCU\software\apcr::u2_0	ᖍ	RegNtPreCreateKey
HKCU\software\apcr::u3_0	権ă	RegNtPreCreateKey
HKCU\software\apcr::u4_0		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list::c:\users\user\downloads\1f0092b274fc484b1bbb83f8f30e54459e6015c8_0000113152	c:\users\user\downloads\1f0092b274fc484b1bbb83f8f30e54459e6015c8_0000113152:*:enabled:@shell32.dll,-1	RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317	✝	RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993	ö	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986	http://1000autohits.wz.cz/left.gifhttp://www.centreyoughourta	RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331		RegNtPreCreateKey
HKLM\software\wow6432node\dfx\11\registration\stat::	2	RegNtPreCreateKey
HKLM\software\wow6432node\dfx\11\registration\serialnumber::		RegNtPreCreateKey
HKLM\software\wow6432node\dfx\11\registration\password::		RegNtPreCreateKey
HKLM\software\wow6432node\dfx\11\registration\regcount::	2	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::appinit_dlls	C:\PROGRA~1\COMMON~1\System\symsrv.dll	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::loadappinit_dlls		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::requiresignedappinit_dlls		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	큷뒓挒ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475	鲆ȁ ਪˣ鈯ˣ遙̃豤̃অˣ炑̃ 龡^濖̃賬̃獖}偫~엦1਷ˣ邯̃뫯ʃdᵂċᵆċeꙥЂ엦1¶iꙥr$֢vꙥ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\software\microsoft\tip\aggregateresults::data	鐄ȴ 鲱虍峟ʏ耀氅歿䃇픋˹耀뫹躧픋˹➇ⵌ㭔隞̃耀꧌Ϛ͂	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	췉ꥸ篚ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	銈꥽篚ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af521\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P	RegNtPreCreateKey

Windows API Usage

Category	API
Keyboard Access	GetKeyState
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory ZwMapViewOfSection
Process Shell Execute	CreateProcess ShellExecute ShellExecuteEx WriteConsole
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserObjectInformation
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreateResourceReserve ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcQueryInformationMessage ntdll.dll!NtAlpcSendWaitReceivePort Show More ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtGetCompleteWnfStateSubscription ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryEvent ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryTimerResolution ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTerminateProcess ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtTraceEvent ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForMultipleObjects ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtGdiAnyLinkedFonts 98 additional items are not displayed above.
Process Terminate	TerminateProcess
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Network Winsock2	WSAStartup
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen InternetQueryOption InternetSetOption
Network Winhttp	WinHttpOpen

Shell Command Execution


							(NULL) C:\Users\Kfffbeyg\AppData\Local\Temp\c4ed54b54de9d6dc708af4deb8e7af3929188a63_0000389764.exe  end


							certutil -f -p "" -importPFX "C:\Users\Zxyylxmy\AppData\Local\Temp\nsn2609.tmp"


							(NULL) C:\Users\Syzgyspr\AppData\Local\Temp\f018c4fb7db8846f6848a79d992a5dc4b27f0614_0000389794  end


							(NULL) C:\Users\Foroefzr\AppData\Local\Temp\6fe3a02822c66a9ca65276cda033026ae6ca47cb_0000389794  end


							(NULL) C:\Users\Buinxjno\AppData\Local\Temp\c13fb1e8a5ecbbf9f97a5f97edde26a730845a1d_0000389804  end


									HTMLSqueezer.exe "c:\users\user\downloads\1c1791f9664a367955b2ef831adc28ba403fbe30_0000011394"


									certutil -f -p "" -importPFX "C:\Users\Gahxlkug\AppData\Local\Temp\nsj30CB.tmp"


									(NULL) C:\Users\Puouovle\AppData\Local\Temp\9c3cb69fd8fcd8a928f5c88db62f2b15360137a3_0000389778  end


									(NULL) C:\Users\Zstxztdl\AppData\Local\Temp\4eb53f791690458bd98fc288b43e59d2035c10e8_0000389793  end


									C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 892


									(NULL) C:\Users\Xcvtzvtk\AppData\Local\Temp\RarSFX0\eBook Converter Bundle Crack URET.exe


									C:\WINDOWS\system32\cmd.exe /c SchTasks  /create /SC MINUTE /TN MicrosoftServis /TR %TEMP%\Interface.exe /MO 35


									(NULL) C:\Users\Xcvtzvtk\AppData\Local\Temp\RarSFX0\eBook_Converter_Bundle_Patch_URET_v1.2.exe


									C:\WINDOWS\system32\schtasks.exe SchTasks   /create /SC MINUTE /TN MicrosoftServis /TR C:\Users\Xcvtzvtk\AppData\Local\Temp\Interface.exe /MO 35


									WriteConsole: Access is denied


									(NULL) C:\Users\Rwcfeytd\AppData\Local\Temp\RarSFX0\runpatcher.exe


									Tcpipx86.exe

HackTool:Win32/Patcher

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove HackTool:Win32/Patcher

File System Details

Registry Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trending

Most Viewed