» webinstrnhkt.sys
Overview
Analysis
File Details
Behaviors (1)

webinstrnhkt.sys

Corsica Technologies Ltd.

The file webinstrnhkt.sys by Corsica Technologies has been detected as a potentially unwanted program by 6 anti-malware scanners. It runs as a Windows kernel mode device driver named “webinstrNHKT”.

File name:

webinstrnhkt.sys

Publisher:

Corsica Technologies Ltd. (signed and verified)

MD5:

a089f3bcd07ccbab21f338c59afefe88

SHA-1:

ead047739bbf59bc9d0cdb53118e17586794170f

SHA-256:

fa6d163619e663827ad8b5ab4cd647231d5ea324aafabca141cab2c5427eabca

Scanner detections:

6 / 68

Status:

Potentially unwanted

Analysis date:

1/1/2026 9:12:14 PM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2016.0.3214

IKARUS anti.virus

PUA.AddLyrics

t3scan.1.8.6.0

K7 AntiVirus

Adware

13.193.14803

Reason Heuristics

PUP.Optional.CorsicaTechnologies

15.1.29.18

Sophos

PUA 'AddLyrics' (of type Adware)

5.09

VIPRE Antivirus

Threat.5063086

36666

File size:

42 KB (43,048 bytes)

File type:

Driver (Win32 SYS)

Common path:

C:\Windows\System32\drivers\webinstrnhkt.sys

Digital Signature

Signed by:

Corsica Technologies Ltd.

Authority:

VeriSign, Inc.

Valid from:

12/27/2014 7:00:00 PM

Valid to:

1/26/2017 6:59:59 PM

Subject:

CN=Corsica Technologies Ltd., OU=R&D, O=Corsica Technologies Ltd., L=Tel-Aviv, S=Tel-Aviv, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

7949FFE63B1683DCCBED2E599AECDFFD

File PE Metadata

Compilation timestamp:

1/28/2015 10:51:24 AM

OS version:

6.2

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

11.0

CTPH (ssdeep):

768:fr2IsLk5sZYa13aw2YhYYNTcmfb/1m4ItIOQQKm/b/zY:D2lLkocMcw1m7IOFKMb/U

Entry address:

0x6334

Entry point:

8B, FF, 55, 8B, EC, E8, C8, 3C, 02, 00, 5D, E9, 1A, FF, FF, FF, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 56, BE, 20, 91, 40, 00, 57, 8B, CE, BF, 20, 91, 40, 00, 33, C0, 3B, CF, 73, 3C, 83, 3E, 2C, 75, 32, 8B, 46, 20, 56, FF, 35, 14, 99, 42, 00, 89, 35, 24, 91, 40, 00, FF, 75, 08, 85, C0, 74, 09, 68, 50, 64, 40, 00, FF, D0, EB, 05, E8, C4, 00, 00, 00, 85, C0, 7C, 0E, 83, C6, 2C, 3B, F7, 72, CB, EB, 05, B8, 04, 00, 00, C0, 5F, 5E, 5D, C2, 04, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, A1, 24, 91, 40, 00, B9... 
[+]

Code size:

24.5 KB (25,088 bytes)

Driver

Display name:

webinstrNHKT

Type:

Kernel device driver (KernelDriver)

Remove webinstrnhkt.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.