Categories: Malware

About “Win32/Packed.CAB.CS suspicious” infection

The Win32/Packed.CAB.CS suspicious is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Packed.CAB.CS suspicious virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
The binary likely contains encrypted or compressed data.
Uses Windows utilities to enumerate running processes
Authenticode signature is invalid
A ping command was executed with the -n argument possibly to delay analysis
Uses Windows utilities for basic functionality
Created a process from a suspicious location
Installs itself for autorun at Windows startup
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

How to determine Win32/Packed.CAB.CS suspicious?


File Info:
name: 0F8A900CE61B51D44654.mlwpath: /opt/CAPEv2/storage/binaries/73cc731ce3bb3104827f7ae87d7952164846900efb83a9706333ca7daf2ebe6ccrc32: CB57E8E4md5: 0f8a900ce61b51d44654abe2af65865fsha1: a2c64758942c42d1232468772a8968f4814e1fd9sha256: 73cc731ce3bb3104827f7ae87d7952164846900efb83a9706333ca7daf2ebe6csha512: e7b3a6a2839cc3c8aa81f93c6a826a8b3bd395ccf0ea5bdb4620b53a5e4b3412a23e90359d746339854eb80c26ffab99117d6aa248cde29509626788d2f89698ssdeep: 12288:KQegfwjbYeeB3uH/TlA+OWH5cvzOIMI4VX:KQegIjctB3o/TlpH5cv6Y4ptype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T15FC4E006D6ABF422CAA7F6B134BEC25216E5AD6FC76582C73355FF8508E224475F0232sha3_384: 1b5e1728dfdd13555bd775d9682dd85d953407a623b48966aec37168b3c5a51603f12ac7e862abd532d7a0638b098222ep_bytes: e8070b0000e905000000cccccccccc6atimestamp: 2013-08-22 04:01:48
Version Info:
CompanyName: Mifdpluxg GhmmildxtbFileDescription: Osando95 Sul BelFileVersion: 35.9.1105.44604 (rhsaejm_sjr.798214-9718)InternalName: WmgbdicLegalCopyright: © Mifdpluxg Ghmmildxtb. Ytt Cgafzn Kmfirfep.OriginalFilename: DGUSCFL.EXE            .JDAPrivateBuild: Mccuu 9, 8488ProductName: Zixfpxjs DdhjdtlxProductVersion: 35.9.1105.44604Translation: 0x0409 0x04b0

Win32/Packed.CAB.CS suspicious also known as:

Lionic	Trojan.Win32.Barys.4!c
MicroWorld-eScan	Gen:Variant.Barys.321364
FireEye	Generic.mg.0f8a900ce61b51d4
ALYac	Gen:Variant.Barys.321364
Cylance	Unsafe
VIPRE	Gen:Variant.Barys.321364
Sangfor	Trojan.Win32.Packed.Vhdw
K7AntiVirus	Trojan ( 00594b341 )
Alibaba	Packed:Win32/Redline.d8b0fb45
K7GW	Trojan ( 00594b341 )
Cybereason	malicious.8942c4
Cyren	W32/ABRisk.EPOZ-7292
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.CAB.CS suspicious
APEX	Malicious
Paloalto	generic.ml
BitDefender	Gen:Variant.Barys.321364
Avast	Win32:Malware-gen
Ad-Aware	Gen:Variant.Barys.321364
Emsisoft	Gen:Variant.Barys.321364 (B)
McAfee-GW-Edition	RDN/Generic BackDoor
Trapmine	suspicious.low.ml.score
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.Barys.321364
Arcabit	Trojan.Barys.D4E754
Microsoft	Trojan:Win32/Wacatac.B!ml
AhnLab-V3	Backdoor/Win.REMCOS.R499562
McAfee	RDN/Generic BackDoor
MAX	malware (ai score=87)
Malwarebytes	Trojan.Agent.HDC.Generic
Ikarus	Trojan-Spy.Redline
MaxSecure	Trojan.Malware.185601396.susgen
Fortinet	Riskware/Application
AVG	Win32:Malware-gen
CrowdStrike	win/malicious_confidence_70% (W)