Trojan.Patched.HE removal guide

Trojan.Patched.HE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Patched.HE virus do?

  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Trojan.Patched.HE?

File Info:

name: 15D27D1F743317D9B221.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2011-10-13 15:32:58

Version Info:

Translation: 0x0000 0x04b0
Comments: Host Process for Windows Services
CompanyName: Microsoft Corporation
FileDescription: Host Process for Windows Services
FileVersion: 6.1.7600.16385
InternalName: svchost.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: svchost.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7600.16385
Assembly Version: 6.1.7600.16385

Trojan.Patched.HE also known as:

Bkav: W32.PatchedZB.PE
Lionic: Trojan.Win32.Patched.lnqW
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Patched.HE
FireEye: Generic.mg.15d27d1f743317d9
CAT-QuickHeal: W32.Patchload.O
ALYac: Trojan.Patched.HE
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanSpy:Win32/Genmalmil.e50e08b2
K7GW: Trojan ( 0026f5d91 )
K7AntiVirus: Trojan ( 0026f5d91 )
Arcabit: Trojan.Patched.HE
Baidu: Win32.Virus.Loader.l
VirIT: Win32.Yoshi.E
Cyren: W32/Patched.G
Symantec: Trojan.Paccyn!inf
ESET-NOD32: Win32/Patched.HN
APEX: Malicious
ClamAV: Win.Trojan.Patched-143
Kaspersky: Trojan.Win32.Patched.mf
BitDefender: Trojan.Patched.HE
NANO-Antivirus: Trojan.Win32.Patched.dwgwe
Avast: MSIL:Agent-BOF [Trj]
Tencent: Virus.Win32.Patched.mf
Ad-Aware: Trojan.Patched.HE
Sophos: W32/Patched-AL
Comodo: TrojWare.Win32.Patched.HN@3bsert
DrWeb: Trojan.Starter.1695
Zillya: Trojan.Patched.Win32.46074
TrendMicro: PTCH_KATUSHA.W
McAfee-GW-Edition: W32/Katusha
Emsisoft: Trojan.Patched.HE (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanSpy.Zbot.adxr
Webroot: W32.Trojan.Patched
Avira: W32/Patchload.A
MAX: malware (ai score=100)
Microsoft: Trojan:MSIL/Genmalmil
ViRobot: Win32.Patched.BE
GData: Trojan.Patched.HE
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Patched.DD
McAfee: W32/Katusha
TACHYON: Virus/W32.Patched.Gen
VBA32: Trojan-Spy.Zbot.gen
Zoner: Probably Heur.ExeHeaderL
TrendMicro-HouseCall: PTCH_KATUSHA.W
Rising: Virus.Loader!1.9B09 (CLASSIC)
Ikarus: Virus.Win32.Patchload
MaxSecure: Virus.W32.Patched.MF
Fortinet: W32/Patched.MF!tr
BitDefenderTheta: Gen:NN.ZemsilF.34666.cq0@amtxdzp
AVG: MSIL:Agent-BOF [Trj]
Cybereason: malicious.f74331
Panda: W32/Katusha.BN

How to remove Trojan.Patched.HE?

Trojan.Patched.HE removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
