Win32/Patched.NKI malicious file

Win32/Patched.NKI is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Patched.NKI virus do?

  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32/Patched.NKI?


File Info:

name: EF5ED61413CEBB2D8A10.mlw
path: /opt/CAPEv2/storage/binaries/527734cd595f2362084682f2f7881dd2119b584e9f1eaef815d2add3e4425edd
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2009-07-13 23:19:28

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Host Process for Windows Services
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName: svchost.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: svchost.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7600.16385
Translation: 0x0409 0x04b0

Win32/Patched.NKI also known as:

Bkav: W32.AIDetectMalware
McAfee: Artemis!EF5ED61413CE
Cylance: unsafe
Sangfor: Trojan.Win32.Patched.Vjej
Alibaba: Trojan:Win32/ShellCode.2f519051
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Patched.NKI
NANO-Antivirus: Virus.Win32.Gen.ccmw
Avast: Sf:ShellCode-AO [Trj]
McAfee-GW-Edition: BehavesLike.Win32.Rootkit.mm
Sophos: Generic Reputation PUA (PUA)
Ikarus: Trojan.Kovter
GData: Win32.Trojan.PSE.17GPP2
Antiy-AVL: Trojan/Win32.Patched
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
Rising: Trojan.Patched!8.B7 (CLOUD)
Fortinet: W32/Patched.NKI!tr
AVG: Sf:ShellCode-AO [Trj]
DeepInstinct: MALICIOUS

How to remove Win32/Patched.NKI?

Win32/Patched.NKI removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
