Win32:Patched-AWX [Trj] (file analysis)

The Win32:Patched-AWX [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to run a complete scan and cure your PC.
A 6-day free trial is available.

What can the Win32:Patched-AWX [Trj] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Touches a file containing cookies, possibly for information gathering
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32:Patched-AWX [Trj]?

File Info:

name: 6A0F4CF10BADF1CBB5A4.mlw
path: /opt/CAPEv2/storage/binaries/aef61af6a374749a5b3639ebc5edfc9b4772fcf0a262db8019366cb7b2438061
crc32: 7F87C454
md5: 6a0f4cf10badf1cbb5a47cb99da9a793
sha1: 7acb8a5f86b67f623c6db2f1345e010c3e0c41af
sha256: aef61af6a374749a5b3639ebc5edfc9b4772fcf0a262db8019366cb7b2438061
sha512: 60b89efcd0418a3d1610f19cccbe33f027be60fa34d5e8ee36cb633315ecc5bb94a3d34dc3ed6d9d0f762813e4f49cc2d730dad053a2852e8de0bca84a8e8130
ssdeep: 24576:FyOG9szbcL/rktNT0YFN/7zVqtNrbRYOKbQ:FZzGg/T0C97+bKOK0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D605AE3261614072FBF60273FD38D2303D6DA228975085AAE7D4AD1E7E644E56BFB213
sha3_384: 1da4f562f44d7239b902c24ba82d6143886085c26341c7efecb65bec3b266569b9bbe280d7586273c2f878fe5928379f
ep_bytes: e839050000e97afeffffcccccccc8b44
timestamp: 2021-09-22 17:53:10

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft Windows Desktop Runtime - 7.0.11 (x64)
FileVersion: 7.0.11.32825
InternalName: setup
LegalCopyright: Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename: windowsdesktop-runtime-7.0.11-win-x64.exe
ProductName: Microsoft Windows Desktop Runtime - 7.0.11 (x64)
ProductVersion: 7.0.11.32825
Translation: 0x0409 0x04e4

Win32:Patched-AWX [Trj] is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Virus.Win32.Senoval.n!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Doina.63205
FireEye: Generic.mg.6a0f4cf10badf1cb
Skyhigh: BehavesLike.Win32.Expiro.bc
ALYac: Gen:Variant.Doina.63205
VIPRE: Gen:Variant.Doina.63205
Sangfor: Trojan.Win32.Patched.Vo9l
K7AntiVirus: Trojan ( 005ad28b1 )
Alibaba: Virus:Win32/Senoval.9d7b3dc7
K7GW: Trojan ( 005ad28b1 )
Arcabit: Trojan.Doina.DF6E5
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Patched.NKM
Cynet: Malicious (score: 100)
Kaspersky: Virus.Win32.Senoval.a
BitDefender: Gen:Variant.Doina.63205
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Avast: Win32:Patched-AWX [Trj]
Tencent: Trojan.Win32.Pathced_ya.16001052
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Patched.Gen
DrWeb: Win32.Beetle.2
TrendMicro: TROJ_GEN.R002C0XKP23
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Doina.63205 (B)
SentinelOne: Static AI – Suspicious PE
Varist: W32/Patched.GQ1.gen!Eldorado
Avira: TR/Patched.Gen
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Win32.Patched
Microsoft: Trojan:Win32/Doina.RPX!MTB
ZoneAlarm: Virus.Win32.Senoval.a
GData: Gen:Variant.Doina.63205
Google: Detected
AhnLab-V3: Trojan/Win.Generic.C5487854
McAfee: RDN/Generic.hra
VBA32: BScope.TrojanDownloader.Emotet
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R002C0XKP23
Rising: Trojan.Generic@AI.83 (RDML:Bc4wU61hO9Xqsr/BGHT0WA)
Ikarus: Trojan.Agent
Fortinet: W32/Patched.IP!tr
BitDefenderTheta: Gen:NN.ZexaF.36792.Xy0@aGg6B1li
AVG: Win32:Patched-AWX [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Win32:Patched-AWX [Trj]?

Win32:Patched-AWX [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
