Should I remove “Troj/PSOBf-G”?

Troj/PSOBf-G is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Troj/PSOBf-G virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • A scripting utility was executed
  • A script or command line contains a long continuous string indicative of obfuscation
  • Creates a copy of itself
  • Attempts to execute suspicious powershell command arguments

How to identify Troj/PSOBf-G?

File Info:

name: 70C8145C188BF89C25F0.mlw
path: /opt/CAPEv2/storage/binaries/4cb733e05325fdf02dfaf5982ca2a8917373658aed1e328869077e92c6d73225
crc32: 48D555D0
md5: 70c8145c188bf89c25f085e001c6f9a7
sha1: d3e24cdd7272965ba04b8a0a7013c79e2633f7aa
sha256: 4cb733e05325fdf02dfaf5982ca2a8917373658aed1e328869077e92c6d73225
sha512: 445f9f092241810359fcd7e319ec5f0dc40a4f19656484085a37201b5dd348a246bb1916b9ee526292cdab00068c5f2ddaacc259470c440d4bd82c6ad6cfa40c
ssdeep: 6144:5XCKG5Hob1T0qQzmnMpv+j++KqfUuuMSR7EDaLLt+a5YiCmbnIGZmXjeqJKnuG2a:5XcHy1gqOppGq+k1imLwauAZCjeqJKuE
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12F7412D0B3F8C09BFA571B7A0B391B2621F848201572965783607B07BA233839D5FB57
sha3_384: bd11b49f9e7484b55efc173b0d774a4672c7664474159b2a0e9da5e1b1a4797c3436500f4d69ed5714bde7708066dcbe
ep_bytes: 558bec81ecf40300005356576a205f33
timestamp: 2021-09-25 22:02:17

Version Info:

FileDescription: Compass Bancshares Inc
InternalName: bootmaker immaterialistic.exe
ProductVersion: 2.0.0.0
Translation: 0x0409 0x04b0

Troj/PSOBf-G also known as:

  • Bkav: W32.AIDetectMalware
  • Elastic: malicious (high confidence)
  • Skyhigh: BehavesLike.Win32.Generic.fc
  • Sangfor: Trojan.Win32.Save.a
  • CrowdStrike: win/malicious_confidence_90% (D)
  • Cynet: Malicious (score: 100)
  • APEX: Malicious
  • Kaspersky: UDS:Trojan-Downloader.Win32.Minix.gen
  • Trapmine: malicious.high.ml.score
  • FireEye: Generic.mg.70c8145c188bf89c
  • Sophos: Troj/PSOBf-G
  • Kingsoft: malware.kb.a.993
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • ZoneAlarm: UDS:Trojan-Downloader.Win32.Minix.gen
  • Google: Detected
  • Cylance: unsafe
  • SentinelOne: Static AI – Suspicious PE
  • DeepInstinct: MALICIOUS

How to remove Troj/PSOBf-G?

Troj/PSOBf-G removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
