Patch exe Trojan Agent File Malware Analysis: f827729b36cd1422ae732a86a959526f

Patch.exe Trojan Agent Analysis

Updated 1 year ago

Checked by Malaware Check

Patch.exe

Hash Type	Value	Action
MD5	f827729b36cd1422ae732a86a959526f
SHA1	6f7972b7209184726352cd43ee124c1f53ea4152
SHA256	3de59543f9b3e5dacfa430f02d8cceed5db1e18708b6cb1e52a860f844e20fa7
SHA512	3e037ec157ee9c2ddf13e100b779c7b7f274bb3ccd920a3ce0554935310d1f14d2dcf527b51f4c945e7a2d82ad4bf62a16831f09affb2873624ceeac3ad5c1c5
ImpHash	09d0478591d4f788cb3e5ea416c25237

Hash Type

Value

Action

MD5

f827729b36cd1422ae732a86a959526f

SHA1

6f7972b7209184726352cd43ee124c1f53ea4152

SHA256

3de59543f9b3e5dacfa430f02d8cceed5db1e18708b6cb1e52a860f844e20fa7

SHA512

3e037ec157ee9c2ddf13e100b779c7b7f274bb3ccd920a3ce0554935310d1f14d2dcf527b51f4c945e7a2d82ad4bf62a16831f09affb2873624ceeac3ad5c1c5

ImpHash

09d0478591d4f788cb3e5ea416c25237

PE Analysis

Basic Information

▼

Icon	Hash: ede664a14a3b81c5d245b9839342d7f4 Fuzzy: 6d67492ea719df058f153f0cb6325b11 dHash: f8840233920e9cc9
Image Base	`0x00400000`
Entry Point	`0x004010f0`
Compilation Time	2012-04-24 09:11:09
Checksum	0x0005ac8e (Actual: 0x0005ac8e)
OS Version	4.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed`
Digital Signature	The PE file does not contain a certificate table.
Imports	1 libraries kernel32
Exports	0 functions
Resources	21 Resources
Sections	2 Sections

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	475,136 bytes	325,120 bytes	8.00 (Packed/Encrypted)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`8B819BF8B906C6D1880C8A14F9BC23FF`
`.rsrc`	`0x00075000`	24,576 bytes	23,552 bytes	4.66 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`2320269F76129A927019545E8A2FD64F`

Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

▼

Total Resources: 21 (355,719 bytes)

Resource Type	Count	Total Size	Percentage
RT_ICON	1	16,936 bytes	4.8%
RT_DIALOG	2	640 bytes	0.2%
RT_RCDATA	15	332,896 bytes	93.6%
RT_GROUP_ICON	1	20 bytes	0%
RT_ANICURSOR	1	4,446 bytes	1.2%
RT_MANIFEST	1	781 bytes	0.2%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Removal Instructions

Follow these steps to completely remove the threat from your system

Start by downloading Gridinsoft Anti-Malware to your computer.
Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
Click on the "Standard Scan" button to begin scanning your computer for threats.
After the scanning process is finished, click on "Clean Now" to remove any detected threats.
If prompted, restart your system to complete the removal process and ensure all threats are eliminated.

Important: Before You Start

Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

File Name	Patch.exe
File Type	PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed
Scanner Version	1.0.170.174
Database Version	2024-04-03 14:00:40 UTC

Patch.exe Trojan Agent Analysis

Technical Analysis

Trojan.Win32.Agent.ns

Scan Another File

File Identification