Trojan.Win64.Patched.q (file analysis)

Trojan.Win64.Patched.q is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win64.Patched.q virus do?

  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Trojan.Win64.Patched.q?

File Info:

name: 0B2F0FEE52DFD4E271CF.mlw
path: /opt/CAPEv2/storage/binaries/c8297eae07850b956b634ee7c011e5fb501ff2be4def4f29b12c84f751f8fc4e
crc32: 7261D95E
md5: 0b2f0fee52dfd4e271cf2887bd66cc02
sha1: 103ad85b7b2c6878fcac63f6d78a20ad98a740e7
sha256: c8297eae07850b956b634ee7c011e5fb501ff2be4def4f29b12c84f751f8fc4e
sha512: ed98a6ccebc40b7b400f24f1c9597497a036681091f3ee1104cf330ac79d99ae78f90917dd2c818c37abfe82adf2c69211bbf4a0095bd9c29dda9e53ed531f3c
ssdeep: 49152:5VBk/LXQ8GYZOX2a5ygdly2MHB3vHn//1eF0nra4CQT1mkdmkmQBb:u1cyv/n/ZmGmf2b
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T13926E602A602F0A5D80D8CF0C9999AF15A25BC5EE3F5D59730D47E98F9B22CD3936E07
sha3_384: 046aa36694faf6820901d738effd5439c0dc5ae2089b2dee5e8ec1225e31fb5abcf38806ffb3186954928f473cb0de60
ep_bytes: 4881ec680a0000e8b40f000048898424
timestamp: 1970-01-01 15:50:05

Version Info:

CompanyName: YANDEX LLC
FileDescription: Yandex
FileVersion: 21.8.3.614
InternalName: chrome_exe
LegalCopyright: Copyright (c) 2012-2021 YANDEX LLC. All Rights Reserved.
OriginalFilename: browser.exe
ProductName: Yandex
ProductVersion: 21.8.3.614
ProductChromiumVersion: 92.0.4515.159
ProductYandexVersion: 21.8.3.614
CompanyShortName: YANDEX LLC
ProductShortName: Yandex
LastChange: 0bf3e54f62c4f882acc6f50399896c920c320351
Official Build: 1
Translation: 0x0409 0x04b0

Trojan.Win64.Patched.q also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ulise.100466
FireEye: Generic.mg.0b2f0fee52dfd4e2
ALYac: Gen:Variant.Ulise.100466
Cylance: Unsafe
K7GW: Trojan ( 0056398b1 )
K7AntiVirus: Trojan ( 0056398b1 )
Cyren: W64/Scar.AL.gen!Eldorado
ESET-NOD32: a variant of Win64/TrojanDownloader.Agent.EB
APEX: Malicious
ClamAV: Win.Malware.Ulise-9870412-0
Kaspersky: Trojan.Win64.Patched.q
BitDefender: Gen:Variant.Ulise.100466
Ad-Aware: Gen:Variant.Ulise.100466
Emsisoft: Gen:Variant.Ulise.100466 (B)
DrWeb: Win32.HLLW.Phorpiex.1387
TrendMicro: Trojan.Win64.SMALL.SMTX
Sophos: ML/PE-A
Ikarus: Win32.Infector
GData: Gen:Variant.Ulise.100466
Jiangmin: Trojan.Mansabo.ayj
Avira: W32/Infector.Gen
MAX: malware (ai score=81)
Microsoft: TrojanDownloader:Win32/SmallAgent!atmn
Cynet: Malicious (score: 99)
AhnLab-V3: Downloader/Win.Patched.X2092
TACHYON: Worm/W32.ZeroDownloader
Malwarebytes: Malware.AI.571224733
TrendMicro-HouseCall: Trojan.Win64.SMALL.SMTX
Fortinet: W64/CoinMiner.HI!tr
Cybereason: malicious.e52dfd

How to remove Trojan.Win64.Patched.q?

Trojan.Win64.Patched.q removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
