» webinstrnhkt.sys
Overview
Analysis
File Details
Behaviors (1)

webinstrnhkt.sys

Corsica Technologies Ltd.

The file webinstrnhkt.sys by Corsica Technologies has been detected as a potentially unwanted program by 6 anti-malware scanners. It runs as a Windows kernel mode device driver named “webinstrNHKT”.

File name:

webinstrnhkt.sys

Publisher:

Corsica Technologies Ltd. (signed and verified)

MD5:

b0f99f135c032a816e1837a307b6776f

SHA-1:

0dcabb1a878291213eda3566536f79fb8ac1f7cb

SHA-256:

b94ed1232298c1740e76ed3fe84ed81a1bfe593786b59b79d50d3389aeb46528

Scanner detections:

6 / 68

Status:

Potentially unwanted

Analysis date:

1/2/2026 3:16:43 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2016.0.3211

IKARUS anti.virus

PUA.AddLyrics

t3scan.1.8.6.0

K7 AntiVirus

Adware

13.193.14791

Reason Heuristics

PUP.Optional.CorsicaTechnologies

15.2.2.5

Sophos

AddLyrics

4.98

VIPRE Antivirus

Revizer

37068

File size:

42.5 KB (43,560 bytes)

File type:

Driver (Win32 SYS)

Common path:

C:\Windows\System32\drivers\webinstrnhkt.sys

Digital Signature

Signed by:

Corsica Technologies Ltd.

Authority:

VeriSign, Inc.

Valid from:

12/28/2014 2:00:00 AM

Valid to:

1/27/2017 1:59:59 AM

Subject:

CN=Corsica Technologies Ltd., OU=R&D, O=Corsica Technologies Ltd., L=Tel-Aviv, S=Tel-Aviv, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

7949FFE63B1683DCCBED2E599AECDFFD

File PE Metadata

Compilation timestamp:

1/29/2015 11:54:37 AM

OS version:

6.2

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

11.0

CTPH (ssdeep):

768:MWJ2ssLkewZuQHGLMwM3hTrodtmmy/lWIISIOLy0nmle2+D:FJ25Lk5Not0lWcIO7nQ+D

Entry address:

0x6408

Entry point:

8B, FF, 55, 8B, EC, E8, F4, 3B, 02, 00, 5D, E9, 1A, FF, FF, FF, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 56, BE, 20, 91, 40, 00, 57, 8B, CE, BF, 20, 91, 40, 00, 33, C0, 3B, CF, 73, 3C, 83, 3E, 2C, 75, 32, 8B, 46, 20, 56, FF, 35, 14, 99, 42, 00, 89, 35, 24, 91, 40, 00, FF, 75, 08, 85, C0, 74, 09, 68, 24, 65, 40, 00, FF, D0, EB, 05, E8, C4, 00, 00, 00, 85, C0, 7C, 0E, 83, C6, 2C, 3B, F7, 72, CB, EB, 05, B8, 04, 00, 00, C0, 5F, 5E, 5D, C2, 04, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, A1, 24, 91, 40, 00, B9... 
[+]

Code size:

25 KB (25,600 bytes)

Driver

Display name:

webinstrNHKT

Type:

Kernel device driver (KernelDriver)

Remove webinstrnhkt.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.