HackTool:Win32/Patch


First posted on 08 March 2012.
Source: Microsoft

Aliases:

There are no other names known for HackTool:Win32/Patch.

Explanation:

HackTool:Win32/Patch is a family of hacking tools intended to modify, or "patch", programs that may be evaluation copies or unregistered versions with limited features, for the purpose of removing those limitations.

Variants of this family have been observed to modify installed software so that scheduled updates are ignored, and to alter the software's execution process.

It is recommended that you do not run applications detected as HackTool:Win32/Patch, as they may be associated with other malicious or potentially unwanted applications.



Installation

Variants of the HackTool:Win32/Patch family may be downloaded from Peer-to-Peer (P2P) networks, or any number of software download websites.

Installation details vary for variants of HackTool:Win32/Patch. Below are some examples of registry modifications created by two common variants:

HackTool:Win32/Patch for 'Internet Download Manager Software':

In subkey: HKLM\SOFTWARE\Internet Download Manager
Sets value: "FName"
With data: "z o"
Sets value: "Serial"
With data: "3LQJU-3FTNQ-R6Q8H-IM36A"
Sets value: "LName"
With data: "o"
Sets value: "Email"
With data: "f<removed>kass@mail.ro"

HackTool:Win32/Patch for 'NERO':

In subkey: HKLM\SOFTWARE\Nero\Shared\NL9

HackTool:Win32/Patch may also modify the main executable file of the product or software.
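
The following is an added example, not part of the original Microsoft entry: a triage check that parses a registry export and reports which of the Internet Download Manager registration values listed above are present with the exact data this variant writes. The function names, the WOW6432Node normalization and the sample export are assumptions made for illustration.

```python
import re

# Indicators copied from the Internet Download Manager example on this page.
# The "Email" value is left out because the page redacts part of it.
IDM_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Internet Download Manager"
IDM_INDICATORS = {"FName": "z o", "LName": "o", "Serial": "3LQJU-3FTNQ-R6Q8H-IM36A"}

KEY_RE = re.compile(r"^\[(.+)\]$")
STR_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg files escape backslash and double quote with a leading backslash
    return re.sub(r"\\(.)", r"\1", s)

def _normalize(key):
    # Assumption: on 64-bit Windows a 32-bit program's HKLM\SOFTWARE writes are
    # redirected under WOW6432Node, so both views are treated as the same key.
    return re.sub(r"(?i)\\WOW6432Node", "", key).upper()

def parse_reg(text):
    """Return {normalized key: {value name: string data}} from a .reg export."""
    hive, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = hive.setdefault(_normalize(m.group(1)), {})
            continue
        m = STR_RE.match(line)  # only REG_SZ values; dword/hex lines are skipped
        if m and current is not None:
            current[_unescape(m.group(1))] = _unescape(m.group(2))
    return hive

def find_idm_patch_traces(text):
    """List the value names whose data equals the indicators above."""
    values = parse_reg(text).get(_normalize(IDM_KEY), {})
    return sorted(n for n, d in IDM_INDICATORS.items() if values.get(n) == d)

# Constructed sample export (not captured from a real system);
# "InstallDir" is a hypothetical unrelated value.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Internet Download Manager]
"FName"="z o"
"LName"="o"
"Serial"="3LQJU-3FTNQ-R6Q8H-IM36A"
"InstallDir"="C:\\Program Files (x86)\\Internet Download Manager"
'''
```

Files written by "reg export" are UTF-16 encoded, so open them with encoding="utf-16" before passing the text to find_idm_patch_traces. A match on all three values is a stronger signal than a match on a single short value such as "o".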



Analysis by Ding Plazo

Last update 08 March 2012