What is “W32/Patched-AL”?

The W32/Patched-AL is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What W32/Patched-AL virus can do?

At least one process apparently crashed during execution
Sample contains Overlay data
Presents an Authenticode digital signature
Authenticode signature is invalid
Anomalous binary characteristics

How to determine W32/Patched-AL?


File Info:
name: 8928BF8C845E25633F78.mlw
path: /opt/CAPEv2/storage/binaries/024d0da4f4b3ec9958a91c434f4a2d31e396554c2e6961e7a45a6a97c4ee8bb4
crc32: 08C0CDEC
md5: 8928bf8c845e25633f7846eeb6411e77
sha1: 09dfb0e34459e485876cea2e6010f33825dd9ac6
sha256: 024d0da4f4b3ec9958a91c434f4a2d31e396554c2e6961e7a45a6a97c4ee8bb4
sha512: 9baa1e2ee7238e1820e9982c8688944f6d273f7d7a503457eb008e6780996087dcecbd94b7fe67024590fd08942485e08b8e39c64227b4f2998ab39ea07e1c79
ssdeep: 6144:4YdP3jv/tB0D8AtqHQhr3+s92zIDXacKGC6HNbJHaXlFH3xCIyz:F3jtO8Iq47ZDrbC6HNK
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T15074BFA2B7D280B3DC831A716D2B67369A7EA30E172B14C397D50ED40D511E1DA3D3AA
sha3_384: 7e31cc7ddae84471967c3f82d6c2d5c85a163e6f73e8d4b1ddd21727066ada677adebec37cc2cc4a5802ccff6c45ccf4
ep_bytes: 68c8264300e934060000e80f00000043
timestamp: 2010-02-12 19:32:47

Version Info:
CompanyName: Apple Inc.
FileDescription: Bonjour Service
FileVersion: 2.0.0.34
InternalName: mDNSResponder.exe
LegalCopyright: Copyright (C) 2003-2010 Apple Inc.
OriginalFilename: mDNSResponder.exe
ProductName: Bonjour
ProductVersion: 2.0.0.34
Translation: 0x0409 0x04b0

W32/Patched-AL also known as:

Bkav	W32.PatchedZB.PE
Lionic	Trojan.Win32.Patched.lnqW
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Patched.HE
CAT-QuickHeal	W32.Patchload.O
ALYac	Trojan.Patched.HE
Cylance	Unsafe
VIPRE	Trojan.Patched.HE
K7AntiVirus	Trojan ( 0026f5d91 )
Alibaba	Trojan:Win32/Patchload.45461ce3
K7GW	Trojan ( 0026f5d91 )
CrowdStrike	win/malicious_confidence_90% (W)
Baidu	Win32.Virus.Loader.l
VirIT	Win32.Yoshi.E
Cyren	W32/Patched.G
Symantec	Trojan.Paccyn!inf
ESET-NOD32	Win32/Patched.HN
ClamAV	Win.Trojan.Patched-143
Kaspersky	Trojan.Win32.Patched.mf
BitDefender	Trojan.Patched.HE
NANO-Antivirus	Trojan.Win32.Patched.dwgwe
Avast	Win32:Patched-WQ [Trj]
Tencent	Virus.Win32.Patched.mf
Ad-Aware	Trojan.Patched.HE
Sophos	W32/Patched-AL
Comodo	TrojWare.Win32.Patched.HN@3bsert
DrWeb	Trojan.Starter.1695
Zillya	Trojan.Patched.Win32.57215
TrendMicro	PTCH_KATUSHA.W
McAfee-GW-Edition	W32/Katusha
FireEye	Trojan.Patched.HE
Emsisoft	Trojan.Patched.HE (B)
GData	Trojan.Patched.HE
Jiangmin	TrojanSpy.Zbot.adxr
Webroot	W32.Malware.Gen
Avira	W32/Patchload.A
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Generic.ASVirus.2BD
ViRobot	Win32.Patched.BE
Microsoft	Virus:Win32/Patchload.O
Cynet	Malicious (score: 100)
AhnLab-V3	Win-Trojan/Patched.DD
McAfee	W32/Katusha
TACHYON	Virus/W32.Patched.Gen
VBA32	Trojan-Spy.Zbot.gen
Malwarebytes	Malware.AI.471752596
TrendMicro-HouseCall	PTCH_KATUSHA.W
Rising	Virus.Loader!1.9B09 (CLASSIC)
Yandex	Win32.Katusha.Gen
Ikarus	Virus.Win32.Patchload
MaxSecure	Virus.W32.Patched.MF
Fortinet	W32/Patched.MF!tr
AVG	Win32:Patched-WQ [Trj]
Cybereason	malicious.c845e2
Panda	W32/Katusha.BN

How to remove W32/Patched-AL?

W32/Patched-AL removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X