Malware

Win32/Packed.CAB.GK suspicious information

Malware Removal

The Win32/Packed.CAB.GK suspicious is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32/Packed.CAB.GK suspicious virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Uses Windows utilities for basic functionality
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Binary compilation timestomping detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Win32/Packed.CAB.GK suspicious?



File Info:

name: 400746EF032FD4D3557B.mlw
path: /opt/CAPEv2/storage/binaries/328654b83c55b0c36461b5b241ff50b9b2e4f4286bbe1bd86655d601f7517a11
crc32: E131C3E2
md5: 400746ef032fd4d3557bd0774dea4891
sha1: d7e770151a182684852dd52aef4d59c11d40ccb3
sha256: 328654b83c55b0c36461b5b241ff50b9b2e4f4286bbe1bd86655d601f7517a11
sha512: df4b9c214c8972875cf4f8ee4ee53eedb800f154fcdd3f47a3934aacc55485eed5b6d90f2315c2ef1a62f4977a888ab4c5a2d220759dca883ee4c73ded1fa147
ssdeep: 98304:jPhahYZut/hFVibe6t2vvvWIc/rrsLj5Ft:zyZ9Mbex2hkLdT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13C16336A5989D1A9CE7907F428FD07977E61BDA233E48297024C47984F17AD0EA33373
sha3_384: a133d0a28cb3c5f9643e8e6cf4d94d200349ab27ec03a91fe25c963e56cf88e5c4158b69e701ab71881b519c7c0a8f85
ep_bytes: e864070000e906000000cccccccccccc
timestamp: 2059-08-08 23:27:35


Version Info:

CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor                                           
FileVersion: 11.00.22621.1 (WinBuild.160101.0800)
InternalName: Wextract                
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: WEXTRACT.EXE            .MUI
ProductName: Internet Explorer
ProductVersion: 11.00.22621.1
Translation: 0x0409 0x04b0

Win32/Packed.CAB.GK suspicious also known as:

BkavW32.AIDetectMalware
Elasticmalicious (high confidence)
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Packed.CAB.GK suspicious
CynetMalicious (score: 100)
AvastWin32:DangerousSig [Trj]
RisingDropper.Agent/BAT!1.AADE (CLASSIC)
F-SecureTrojan.TR/Dropper.acm
McAfee-GW-EditionArtemis!Trojan
Trapminemalicious.high.ml.score
AviraTR/Dropper.acm
AhnLab-V3Trojan/Win.Generic.C5312104
McAfeeArtemis!400746EF032F
MaxSecureTrojan.Malware.300983.susgen
AVGWin32:DangerousSig [Trj]

How to remove Win32/Packed.CAB.GK suspicious?

Win32/Packed.CAB.GK suspicious removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment