Win32:Patched-WQ [Trj] (file analysis)

The Win32:Patched-WQ [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32:Patched-WQ [Trj] virus can do?

Dynamic (imported) function loading detected
Authenticode signature is invalid

How to determine Win32:Patched-WQ [Trj]?


File Info:
name: 3E0A6FAFA6C4BDD91EA3.mlw
path: /opt/CAPEv2/storage/binaries/b96f7f82da20746e2f2a64fc537e04c066ba0403795b1771ac1a19bc8d296936
crc32: BAFEC456
md5: 3e0a6fafa6c4bdd91ea34e896412e0c3
sha1: 0964e46e6df25538de0ff7246a53df3dfba26256
sha256: b96f7f82da20746e2f2a64fc537e04c066ba0403795b1771ac1a19bc8d296936
sha512: f1ab8164e4a75c1e5d18068bfe1a2814356d408f899e7346e27261d41d91b452a59874b3762924365f13cd4abb94207357eb34054f53b58dfa0ed351fb343be6
ssdeep: 768:3tV5ODo6YBDqH2kutK2JMwoykWYtcK9OSqyKSlNB:3Uo6Gq/+Klftc21qhMv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T148C25C136BD641B2F5A1A6B40DB67619E777E9C047219EC713103E0F49223D36CBA293
sha3_384: 4de9ea8844b6b20b9dab23b9f59ad3c8750d5af26cce6c45abb91b379c58dd6cde88a777127020d68fc25b1eff90dac7
ep_bytes: 683c504000e934060000e80f00000043
timestamp: 2005-06-15 09:57:43

Version Info:
CompanyName: Nikon Corporation
FileDescription: PTP/IP Enumerator
FileVersion: 1.0.0.3210
InternalName: NkPtpEnum
LegalCopyright: Copyright (C) Nikon Corporation 2005. Portions of this software are copyright (C) 2004-2005 FotoNation Inc.
OriginalFilename: NkPtpEnum.exe
ProductName: PTP/IP Enumerator
ProductVersion: 1.0.0.3130
Translation: 0x0409 0x04b0

Win32:Patched-WQ [Trj] also known as:

Bkav	W32.PatchedZB.PE
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Patched.HE
FireEye	Trojan.Patched.HE
CAT-QuickHeal	W32.Patchload.O
ALYac	Trojan.Patched.HE
Malwarebytes	Malware.Heuristic.1003
VIPRE	Trojan.Patched.HE
K7AntiVirus	Trojan ( 0026f5d91 )
K7GW	Trojan ( 0026f5d91 )
Cybereason	malicious.fa6c4b
Arcabit	Trojan.Patched.HE
VirIT	Win32.Yoshi.E
Cyren	W32/Patched.G
Symantec	Trojan.Paccyn!inf
ESET-NOD32	Win32/Patched.HN
Baidu	Win32.Virus.Loader.l
TrendMicro-HouseCall	PTCH_KATUSHA.W
Cynet	Malicious (score: 99)
Kaspersky	Trojan-Spy.Win32.Zbot.gen
BitDefender	Trojan.Patched.HE
NANO-Antivirus	Trojan.Win32.Patched.dwgwe
Avast	Win32:Patched-WQ [Trj]
Tencent	Virus.Win32.Patched.mf
Ad-Aware	Trojan.Patched.HE
Comodo	TrojWare.Win32.Patched.HN@3bsert
DrWeb	Trojan.Starter.1695
TrendMicro	PTCH_KATUSHA.W
McAfee-GW-Edition	BehavesLike.Win32.Virut.mm
Sophos	W32/Patched-AL
APEX	Malicious
Jiangmin	TrojanSpy.Zbot.adxr
Avira	W32/Patchload.A
Antiy-AVL	Trojan/Generic.ASVirus.2BD
Microsoft	Virus:Win32/Patchload.O
ViRobot	Win32.Patched.BE
GData	Trojan.Patched.HE
TACHYON	Virus/W32.Patched.Gen
AhnLab-V3	Win-Trojan/Patched.DD
McAfee	W32/Katusha
MAX	malware (ai score=87)
VBA32	Trojan-Spy.Zbot.gen
Zoner	Probably Heur.ExeHeaderL
Rising	Virus.Loader!1.9B09 (CLASSIC)
Yandex	Win32.Katusha.Gen
Ikarus	Virus.Win32.Patchload
MaxSecure	Virus.W32.Patched.MF
Fortinet	W32/Patched.MF!tr
AVG	Win32:Patched-WQ [Trj]
Panda	W32/Katusha.BN
CrowdStrike	win/malicious_confidence_60% (W)

How to remove Win32:Patched-WQ [Trj]?

Win32:Patched-WQ [Trj] removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X