Win32/Packed.CAB.BQ removal

Win32/Packed.CAB.BQ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Packed.CAB.BQ virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities to enumerate running processes
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Detects the presence of Windows Defender AV emulator via files
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Win32/Packed.CAB.BQ?

File Info:

name: 051A8CF2FCE91F2DE8D8.mlw
path: /opt/CAPEv2/storage/binaries/8afc13ea1845a43e48f2d3465bd0d5ccdbfbd20509ffd95a59787ca64cfdae23
crc32: 5C66341B
md5: 051a8cf2fce91f2de8d833b665b68a61
sha1: 5ad48741743704f2e6e148df340546f7c98a3583
sha256: 8afc13ea1845a43e48f2d3465bd0d5ccdbfbd20509ffd95a59787ca64cfdae23
sha512: a4f00f5b2bbafaa9699d899b87741459148f630855a7d6b25b3034b5930b2a3a32f459e887624b1334324a7e81237332590c50eefa4db530e66100af4148b8d3
ssdeep: 12288:kQ5lsHjEf4ZN3edyab/sokOhUJTWyYve++j4UxZkJoTCgk5S9Y:kQru/1ed9jTkOhWVYOVrkwCgkuY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14C05EF0DD28BB926D82EFBF151A5DB7205242C9C16E6D2C537DCEF83F8CD2A42564272
sha3_384: 5749b3d0133aac756899b2d04e5a22802af692ead070757e278912e002f0c826927986b8cbfb1463ac60dd92186f14b1
ep_bytes: e8070b0000e905000000cccccccccc6a
timestamp: 2013-08-22 04:01:48

Version Info:

CompanyName: Gfjlrxazh Whxcaaodhu
FileDescription: Rjd61 Ntrkvms Qumlzmsueq
FileVersion: 8.0.1760.24970 (tjsulru_xxv.718074-0047)
InternalName: Cahcaxs
LegalCopyright: © Gfjlrxazh Whxcaaodhu. Dvu Dxiaca Lkrpjirb.
OriginalFilename: PLPATVN.EXE .XNO
PrivateBuild: Lwjgr 1, 9790
ProductName: Rccqeroj Fpslyocj
ProductVersion: 8.0.1760.24970
Translation: 0x0409 0x04b0

Win32/Packed.CAB.BQ also known as:

  • Lionic: Trojan.Win32.Agent.m!c
  • MicroWorld-eScan: Trojan.GenericKD.48990709
  • FireEye: Generic.mg.051a8cf2fce91f2d
  • ALYac: Trojan.GenericKD.48990709
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Alien.fsp
  • K7AntiVirus: Trojan ( 005928881 )
  • Alibaba: TrojanDownloader:Win32/Alien.93f98d0c
  • K7GW: Trojan ( 005928881 )
  • Cybereason: malicious.174370
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/Packed.CAB.BQ
  • Kaspersky: Trojan-Downloader.Win32.Alien.fsp
  • BitDefender: Trojan.GenericKD.48990709
  • Avast: Win32:Trojan-gen
  • Tencent: Malware.Win32.Gencirc.10d03a84
  • Ad-Aware: Trojan.GenericKD.48990709
  • McAfee-GW-Edition: BehavesLike.Win32.Fareit.bc
  • Emsisoft: Trojan.GenericKD.48990709 (B)
  • Ikarus: PUA.CAB
  • GData: Win32.Trojan.Agent.T3PCF9
  • Webroot: W32.Trojan.Gen
  • MAX: malware (ai score=85)
  • ViRobot: Trojan.Win32.Z.Cab.795648
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • AhnLab-V3: Malware/Gen.Generic.C5118621
  • McAfee: RDN/Generic Downloader.x
  • Malwarebytes: Trojan.Agent.HDC.Generic
  • APEX: Malicious
  • SentinelOne: Static AI – Malicious PE
  • Fortinet: Riskware/Application
  • AVG: Win32:Trojan-gen
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Packed.CAB.BQ?

Win32/Packed.CAB.BQ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
