Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Patcher.A

Trojan.Patcher.A

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 2,780
Threat Level: 80 % (High)
Infected Computers: 31,628
First Seen: February 13, 2012
Last Seen: January 12, 2026
OS(es) Affected: Windows

Aliases

9 security vendors flagged this file as malicious.

Antivirus Vendor Detection
Ikarus not-a-virus.Patch.Diskeeper
Microsoft HackTool:Win32/AppPatcher
Antiy-AVL Trojan/win32.agent.gen
AntiVir SPR/Tool.AppPatcher
Comodo ApplicUnwnt.Win32.HackTool.AppPatcher.asc
eSafe Win32.SPRTool.AppPat
F-Prot W32/AppPatcher
K7AntiVirus Hacktool
McAfee Artemis!725E6EB820CC

File System Details

Trojan.Patcher.A may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. PATCH.EXE 725e6eb820cceeba72b623af35f1c06f 91

Analysis Report

General information

Family Name: Trojan.Patcher.A
Signature status: No Signature

Known Samples

MD5: 1e02fa3f934fbcdfeab86eb880f7d5ea
SHA1: 8ecaac6a037918b5d8722eab7e44c4af8ed6cac3
SHA256: F009874189618C227FC066532BFC37BCFA6F07CA8C0BB7C6353DD156DC952666
File Size: 199.17 KB, 199168 bytes
MD5: 4c80fc82ea590e935a9034f13b488c01
SHA1: 3c4ff39cf910cd4de5905af2e4c8367b7b33b8c7
SHA256: 813ACF2CBD3DCB7E8BF344E35A9556173077212E2C04AE6881C2C6E3490FFDC7
File Size: 559.10 KB, 559104 bytes
MD5: 09d5f2519ffa4cddee59a4027530811b
SHA1: be9b12c67bbba1f279d5206d3b89917b7cd64af4
SHA256: 5E19EA36665DE7157E86237806011BCD39902152C3BC89942BA7A3259418BC20
File Size: 208.63 KB, 208626 bytes
MD5: 9db1a94b872ace78b39680ac68248f1b
SHA1: 82c8a58b6f31dac2c515fea5002673066690b64f
SHA256: 3EDAD1F2E16D29B5242BF3068BF99A93CBA691161E5530ECAAC8FE5C68D06634
File Size: 75.78 KB, 75776 bytes
MD5: 666e68025f8461de89c8ff534c299a83
SHA1: 05f9de3bad8dc85a16935018bc08c836ad81ce5e
SHA256: CCE8007E0EF20CB89925E1B4BEC186C3A32598DD3952E22A53FCC11A9B52D9EF
File Size: 199.68 KB, 199680 bytes
Show More
MD5: 5fadf7f209ca6b8d5f48f44632499fa5
SHA1: 06eb1147c360da16038913d6a41d0632833a0418
SHA256: 959F10F5F75D71204AE37F8C88A654AA5A5A3EF28D93138951428E6186A864C5
File Size: 43.52 KB, 43520 bytes
MD5: f13d6eef074deba9bbcae43bfe3deae9
SHA1: 42cb64633c5af4a25b31b69159e03ff0a4af7f5c
SHA256: 57BBDFE3D9042FC2E449E989ADF52E7AF7595CA43A9817FE4AB7BB11A17221AA
File Size: 62.98 KB, 62976 bytes
MD5: 7be418e29528db21fb103318a623defe
SHA1: f9b839d7beaa9ce4c11793b96c3368424489a164
SHA256: 92A981EAF943F22AB731D099AA123CD1545D83E61161E7882A61809CA8D5E825
File Size: 461.42 KB, 461415 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name KelSat Presents
File Description Ghostbusters V2.0.1.0 Plus 5 Trainer
File Version
  • 1.00
  • 1, 0, 0, 0
Internal Name
  • Ghostbusters V2.0.1.0 Plus 5 Trainer
  • TJprojMain
Legal Copyright KelSat Presents
Original Filename TJprojMain.exe
Product Name
  • Ghostbusters V2.0.1.0 Plus 5 Trainer
  • Project1
Product Version
  • 1.00
  • 1, 0, 0, 0

File Traits

  • .adata
  • .aspack
  • .UPX
  • 2+ executable sections
  • ASPack v2.12
  • HighEntropy
  • No Version Info
  • packed
  • UPX!
  • WriteProcessMemory
Show More
  • x86

Block Information

Similar Families

  • Patcher.A

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7za.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a.7z Generic Write,Read Attributes
c:\users\user\appdata\local\temp\keygen.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\lanbo.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\lanbo.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nslbcbe.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nslbcbe.tmp\execdos.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbcbe.tmp\execdos.dll Synchronize,Write Attributes
Show More
c:\windows\syswow64\brewers.dll Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ꧲뫼華ǜ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af52*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P RegNtPreCreateKey

Windows API Usage

Category API
Other Suspicious
  • SetWindowsHookEx
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
Show More
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Process Terminate
  • TerminateProcess

Shell Command Execution

"C:\Users\Kjttyhlk\AppData\Local\Temp\7za.exe" x "C:\Users\Kjttyhlk\AppData\Local\Temp\a.7z" -p5FD2ByXlbB -o"C:\Users\Kjttyhlk\AppData\Local\Temp\" -aoa
C:\Users\Kjttyhlk\AppData\Local\Temp\keygen.exe
C:\Users\Kjttyhlk\AppData\Local\Temp\lanbo.exe

Trending

Most Viewed

Loading...