VirTool:Win32/Obfuscator.XX (file analysis)

Malware Removal

VirTool:Win32/Obfuscator.XX is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the VirTool:Win32/Obfuscator.XX virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • CAPE detected the “shellcode patterns” malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to identify VirTool:Win32/Obfuscator.XX?

File Info:

name: F93A8FEBD18C054B2EC9.mlw
path: /opt/CAPEv2/storage/binaries/5736a99a9f61ca21eb0da1c855c25b9f7368aa0ee76e96f25a264a4f5ebeca03
crc32: 8D1AA5BD
md5: f93a8febd18c054b2ec9420db24cb6b8
sha1: a7a65fa5fbc08eea0880ad407c81e4f42532f573
sha256: 5736a99a9f61ca21eb0da1c855c25b9f7368aa0ee76e96f25a264a4f5ebeca03
sha512: 669b40893a8fdcbf22d087ca140466060d18e02811c17a35243f3efecdd5d21b2592de56d9fcb33d204588bb8bf94de09f6c6c7285f95fbb9913fe68d5fc9030
ssdeep: 3072:GDkXIAuv6zYZ+kBIuoaQoT5FQ9QFgZRf8d7yWfY3R:G4XXuCzEBIYQQ5EHUtyW
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BCE31246EEB5533DE30AB33361746581C921D07B222EF5B65EFA8AA520F13139DC2E64
sha3_384: d3f43e0a01dbb50d484b7bd61de4e2d21a192a6295d5d42e8a0c40610da5cd50980c8c356bb0efe07cf246fb44ee10b1
ep_bytes: 60be008040008dbe0090ffff57eb0b90
timestamp: 2008-10-16 01:05:49

Version Info:

CompanyName: Occur Pinch
FileDescription: Zip Blade You
FileVersion: 7.9
InternalName: Shank
LegalCopyright: Copyright © Pupil Sparks 1997-2006
OriginalFilename: Shaken.exe
ProductName: Trial
ProductVersion: 7.9
Translation: 0x0409 0x04b0

VirTool:Win32/Obfuscator.XX is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Zbot.l!c
MicroWorld-eScan: Gen:Variant.Barys.748
FireEye: Generic.mg.f93a8febd18c054b
Skyhigh: GenericRXUB-YL!22E411DFCEE3
McAfee: Artemis!F93A8FEBD18C
Cylance: unsafe
VIPRE: Gen:Variant.Barys.748
K7AntiVirus: Trojan ( 0055dd191 )
K7GW: Trojan ( 0055dd191 )
CrowdStrike: win/malicious_confidence_100% (D)
VirIT: Trojan.Win32.Generic.YI
Symantec: Infostealer
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Kryptik.QNT
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Spy.Win32.Zbot.bzex
BitDefender: Gen:Variant.Barys.748
NANO-Antivirus: Trojan.Win32.Zbot.eqtkk
Avast: Win32:Evo-gen [Trj]
Rising: Spyware.Zbot!8.16B (CLOUD)
Emsisoft: Gen:Variant.Barys.748 (B)
F-Secure: Trojan.TR/Crypt.ULPM.Gen
DrWeb: Trojan.Proxy.26297
Zillya: Trojan.Zbot.Win32.40362
Trapmine: malicious.high.ml.score
Sophos: Mal/Zbot-DE
Ikarus: Trojan-Spy.Win32.Zbot
GData: Gen:Variant.Barys.748
Jiangmin: TrojanSpy.Zbot.bcrl
Webroot: W32.Malware.Heur
Google: Detected
Avira: TR/Crypt.ULPM.Gen
Antiy-AVL: Trojan[Spy]/Win32.Zbot
Kingsoft: malware.kb.b.979
Xcitium: Malware@#8jkwwlphvep0
Arcabit: Trojan.Barys.748
ViRobot: Trojan.Win32.A.Zbot.148992
ZoneAlarm: Trojan-Spy.Win32.Zbot.bzex
Microsoft: VirTool:Win32/Obfuscator.XX
Varist: W32/Zbot.DA.gen!Eldorado
AhnLab-V3: Spyware/Win32.Zbot.R9504
BitDefenderTheta: AI:Packer.53A123B01F
ALYac: Gen:Variant.Barys.748
MAX: malware (ai score=81)
VBA32: TrojanSpy.Zbot
Panda: Trj/Genetic.gen
Yandex: Trojan.Kryptik!TcRHI6qU7+E
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/ZAccess.WIB!tr
AVG: Win32:Evo-gen [Trj]
Cybereason: malicious.5fbc08
DeepInstinct: MALICIOUS

How to remove VirTool:Win32/Obfuscator.XX?

VirTool:Win32/Obfuscator.XX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.