Trojan.Patcher.A
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 3,125 |
| Threat Level: | 80 % (High) |
| Infected Computers: | 31,576 |
| First Seen: | February 13, 2012 |
| Last Seen: | December 12, 2025 |
| OS(es) Affected: | Windows |
Table of Contents
Aliases
9 security vendors flagged this file as malicious.
| Antivirus Vendor | Detection |
|---|---|
| Ikarus | not-a-virus.Patch.Diskeeper |
| Microsoft | HackTool:Win32/AppPatcher |
| Antiy-AVL | Trojan/win32.agent.gen |
| AntiVir | SPR/Tool.AppPatcher |
| Comodo | ApplicUnwnt.Win32.HackTool.AppPatcher.asc |
| eSafe | Win32.SPRTool.AppPat |
| F-Prot | W32/AppPatcher |
| K7AntiVirus | Hacktool |
| McAfee | Artemis!725E6EB820CC |
File System Details
Trojan.Patcher.A may create the following file(s):
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | PATCH.EXE | 725e6eb820cceeba72b623af35f1c06f | 91 |
Analysis Report
General information
| Family Name: | Trojan.Patcher.A |
|---|---|
| Packers: | UPX |
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
1e02fa3f934fbcdfeab86eb880f7d5ea
SHA1:
8ecaac6a037918b5d8722eab7e44c4af8ed6cac3
SHA256:
F009874189618C227FC066532BFC37BCFA6F07CA8C0BB7C6353DD156DC952666
File Size:
199.17 KB, 199168 bytes
|
|
MD5:
4c80fc82ea590e935a9034f13b488c01
SHA1:
3c4ff39cf910cd4de5905af2e4c8367b7b33b8c7
SHA256:
813ACF2CBD3DCB7E8BF344E35A9556173077212E2C04AE6881C2C6E3490FFDC7
File Size:
559.10 KB, 559104 bytes
|
|
MD5:
09d5f2519ffa4cddee59a4027530811b
SHA1:
be9b12c67bbba1f279d5206d3b89917b7cd64af4
SHA256:
5E19EA36665DE7157E86237806011BCD39902152C3BC89942BA7A3259418BC20
File Size:
208.63 KB, 208626 bytes
|
|
MD5:
9db1a94b872ace78b39680ac68248f1b
SHA1:
82c8a58b6f31dac2c515fea5002673066690b64f
SHA256:
3EDAD1F2E16D29B5242BF3068BF99A93CBA691161E5530ECAAC8FE5C68D06634
File Size:
75.78 KB, 75776 bytes
|
|
MD5:
666e68025f8461de89c8ff534c299a83
SHA1:
05f9de3bad8dc85a16935018bc08c836ad81ce5e
SHA256:
CCE8007E0EF20CB89925E1B4BEC186C3A32598DD3952E22A53FCC11A9B52D9EF
File Size:
199.68 KB, 199680 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has been packed
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
Show More
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Company Name | KelSat Presents |
| File Description | Ghostbusters V2.0.1.0 Plus 5 Trainer |
| File Version |
|
| Internal Name |
|
| Legal Copyright | KelSat Presents |
| Original Filename | TJprojMain.exe |
| Product Name |
|
| Product Version |
|
File Traits
- .adata
- .aspack
- ASPack v2.12
- HighEntropy
- No Version Info
- packed
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 39 |
|---|---|
| Potentially Malicious Blocks: | 4 |
| Whitelisted Blocks: | 22 |
| Unknown Blocks: | 13 |
Visual Map
?
?
?
?
0
?
?
?
?
?
?
?
?
?
x
0
0
0
0
0
0
x
0
0
0
0
0
0
0
0
0
0
0
0
0
0
x
x
0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- Patcher.A
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Other Suspicious |
|
| Anti Debug |
|
| User Data Access |
|
