Win32/Packed.Obsidium.CK removal guide

Win32/Packed.Obsidium.CK is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Packed.Obsidium.CK virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Detects Sandboxie through the presence of a library
  • Queries information on disks, possibly for anti-virtualization
  • CAPE detected the RedLine malware family
  • Detects VirtualBox through the presence of a device
  • Anomalous binary characteristics
  • Binary compilation timestomping detected

How to identify Win32/Packed.Obsidium.CK?

File Info:

name: 86B650084E2D3EE62D33.mlw
path: /opt/CAPEv2/storage/binaries/1e8edff15a4ce4a47931f5c42ed108252d54ab2fc1c297a6784c6ad862259247
crc32: F1B4D24F
md5: 86b650084e2d3ee62d33ebabc5329bb7
sha1: 43cc9852088597e4b31f71a18196f31c15927a63
sha256: 1e8edff15a4ce4a47931f5c42ed108252d54ab2fc1c297a6784c6ad862259247
sha512: f15455dcb4bd5a42468c3cd6e6f21014d18f54d5ad2cf4c31ca3226efdffcea7ccc38630cf4678f0794d8368beadbb90322c31788c2a36d166c588c8f0ab0e62
ssdeep: 24576:LyqkjWwH6he8fU4Ug42IDR/0GyfBRF78VPZM7EoeD/FlW:LyqkjWwH6he8fU4h43R/01R+ZCEoE/S
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A23512467F86C90BC25827359AC3F3742374FA817F454F8B2290DE9EBC65724F686298
sha3_384: b2ba9454443b4c2db6443f1b62d88da4a024d21526cf42ac41dbb3043d4db97f72904303a348b60b06762bb31fec0367
ep_bytes: eb010f50eb05813295b9c2e81b000000
timestamp: 2042-11-09 06:18:32

Version Info:

CompanyName: SplitmediaLabs Limited
FileDescription: VHMediaLib COM implementation
FileVersion: 2.0.1609.2801
InternalName: VHMediaCOM.dll
LegalCopyright: 2009-2016 (c) SplitmediaLabs Limited
OriginalFilename: VHMediaCOM.dll
ProductName: VH Video SDK
ProductVersion: 2.0.1609.2801
Translation: 0x0000 0x04e4

Win32/Packed.Obsidium.CK also known as:

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: Trojan.GenericKD.47509422
FireEye: Generic.mg.86b650084e2d3ee6
McAfee: Artemis!86B650084E2D
Cylance: Unsafe
K7AntiVirus: Trojan ( 0058ae171 )
Alibaba: TrojanSpy:Win32/Stealer.028570b9
K7GW: Trojan ( 0058ae171 )
Cybereason: malicious.208859
BitDefenderTheta: Gen:NN.ZexaF.34294.gr3@aa1MrnaP
ESET-NOD32: a variant of Win32/Packed.Obsidium.CK
APEX: Malicious
ClamAV: Win.Malware.Zusy-9908145-0
Kaspersky: Trojan-Spy.Win32.Stealer.akvl
BitDefender: Trojan.GenericKD.47509422
Tencent: Win32.Trojan-spy.Stealer.Ecao
Ad-Aware: Trojan.GenericKD.47509422
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Kryptik.sfawa
McAfee-GW-Edition: BehavesLike.Win32.Sality.tc
Emsisoft: Trojan.GenericKD.47509422 (B)
SentinelOne: Static AI – Malicious PE
GData: Trojan.GenericKD.47509422
Avira: TR/Kryptik.sfawa
Kingsoft: Win32.Troj.Undef.(kcloud)
Arcabit: Trojan.Generic.D2D4EFAE
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
Acronis: suspicious
VBA32: TScope.Malware-Cryptor.SB
ALYac: Trojan.GenericKD.47509422
MAX: malware (ai score=88)
Malwarebytes: Spyware.PasswordStealer
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002H0CKQ21
Rising: Trojan.Generic@ML.83 (RDMK:R6DwWCpkPR2M9hD2G3NjZA)
Yandex: TrojanSpy.Stealer!b6PV2gkWfRc
Ikarus: Trojan.Win32.Obsidium
Fortinet: W32/GenKryptik.FNZE!tr
AVG: Win32:CrypterX-gen [Trj]
Avast: Win32:CrypterX-gen [Trj]
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Win32/Packed.Obsidium.CK?

Win32/Packed.Obsidium.CK removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.