Win32:Patched-AWW [Trj] (file analysis)

Win32:Patched-AWW [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32:Patched-AWW [Trj] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32:Patched-AWW [Trj]?

File Info:

name: 7B2ECC7B56E5FD14952F.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-09-22 23:53:08

Version Info:

CompanyName: Python Software Foundation
FileDescription: Python 3.11.0 (64-bit)
FileVersion: 3.11.150.0
InternalName: setup
LegalCopyright: Copyright (c) Python Software Foundation. All rights reserved.
OriginalFilename: python-3.11.0-amd64.exe
ProductName: Python 3.11.0 (64-bit)
ProductVersion: 3.11.150.0
Translation: 0x0409 0x04e4

Win32:Patched-AWW [Trj] also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Doina.63205
Skyhigh: BehavesLike.Win32.Backdoor.cc
K7AntiVirus: Trojan ( 005ad28b1 )
K7GW: Trojan ( 005ad28b1 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Patched.NKM
Cynet: Malicious (score: 100)
Kaspersky: Virus.Win32.Senoval.a
BitDefender: Gen:Variant.Doina.63205
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
SUPERAntiSpyware: Trojan.Agent/Gen-Doina
Avast: Win32:Patched-AWW [Trj]
Tencent: Trojan.Win32.Pathced_ya.16001052
F-Secure: Trojan.TR/Patched.Gen
DrWeb: Win32.Beetle.2
VIPRE: Gen:Variant.Doina.63205
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.7b2ecc7b56e5fd14
Emsisoft: Gen:Variant.Doina.63205 (B)
Ikarus: Trojan.Agent
GData: Gen:Variant.Doina.63205
Varist: W32/Patched.GQ1.gen!Eldorado
Avira: TR/Patched.Gen
Antiy-AVL: Trojan/Win32.Patched
Arcabit: Trojan.Doina.DF6E5
ZoneAlarm: Virus.Win32.Senoval.a
Microsoft: Trojan:Win32/Formbook!ml
Google: Detected
AhnLab-V3: Trojan/Win.Generic.C5487854
BitDefenderTheta: Gen:NN.ZexaF.36792.1y0@ay2gKWii
ALYac: Gen:Variant.Doina.63205
MAX: malware (ai score=89)
VBA32: BScope.TrojanDownloader.Emotet
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Trojan.Generic@AI.83 (RDML:HkzLaNPbDYeYVkfeaOxTpQ)
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Patched.IP!tr
AVG: Win32:Patched-AWW [Trj]
CrowdStrike: win/malicious_confidence_60% (D)

How to remove Win32:Patched-AWW [Trj]?

Win32:Patched-AWW [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.