Win32/Packed.Obsidium.CW malicious file

The Win32/Packed.Obsidium.CW file is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Packed.Obsidium.CW virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Serbian (Cyrillic)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Detects Sandboxie through the presence of a library
  • Queries information on disks, possibly for anti-virtualization
  • Checks for the presence of known windows from debuggers and forensic tools
  • CAPE detected the RedLine malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects VirtualBox through the presence of a device
  • Anomalous binary characteristics
  • Binary compilation timestomping detected

How to identify Win32/Packed.Obsidium.CW?

File Info:

name: F523ADE482A3A4DE9390.mlw
path: /opt/CAPEv2/storage/binaries/e53582f4c369b367ba6550c1e2ce075ef9efac192a112520bb54a6aee250620d
crc32: D6E88A03
md5: f523ade482a3a4de9390243c14d76484
sha1: fb36745aa0956480988f866fbdf7b6b1dbf16bdb
sha256: e53582f4c369b367ba6550c1e2ce075ef9efac192a112520bb54a6aee250620d
sha512: 8a1089bd28490a8e77dfbc1aed2940964d47f2243ed9bffc8b31e5bbcc49ecc0fac5cd5e2a4d69a3429f2bb4f274cbcbb4b3469e8640fa666c7960968f3c3547
ssdeep: 24576:F4sMizAfdz/L5vwEckjIPOuLEyLe2PGrLhT8J45b8Ql+:FJMxBOEGOuLN+Rm2l+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18C4534430A850438E9A73ABCFB960E17F5F5AF208DE5DF0645C3387C6662A19AF1670D
sha3_384: 7d62de73ba344f3ccd0f40294199e78106be9edb865e115dd354b02d32e1c90d8c93ace5caa99a496dd0adf9f5303ab5
ep_bytes: eb013850eb058f28105dfbe81b000000
timestamp: 2053-03-28 05:23:36

Version Info:

CompanyName: CRYPTOCOMPANY OU
FileDescription: CryptoTab Update Setup
FileVersion: 1.3.99.31
InternalName: CryptoTab Update Setup
LegalCopyright: Copyright 2018 CRYPTOCOMPANY OU
OriginalFilename: CryptoTabUpdateSetup.exe
ProductName: CryptoTab Update
ProductVersion: 1.3.99.31
LanguageId: en
PrivateBuild:
Translation: 0x0409 0x04b0

Win32/Packed.Obsidium.CW also known as:

Bkav: W32.AIDetect.malware2
DrWeb: Trojan.Siggen15.56265
MicroWorld-eScan: Trojan.GenericKD.47505323
FireEye: Generic.mg.f523ade482a3a4de
CAT-QuickHeal: Exploit.Shellcode
McAfee: GenericRXAA-FA!F523ADE482A3
Cylance: Unsafe
Zillya: Trojan.Obsidium.Win32.2028
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0058b07d1 )
Alibaba: Exploit:Win32/Shellcode.07f64817
K7GW: Trojan ( 0058b07d1 )
Cybereason: malicious.aa0956
BitDefenderTheta: Gen:NN.ZexaF.34062.kr1@a0qANUBP
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.Obsidium.CW
TrendMicro-HouseCall: TROJ_GEN.R002C0WKU21
Paloalto: generic.ml
Kaspersky: Exploit.Win32.Shellcode.aecr
BitDefender: Trojan.GenericKD.47505323
Avast: Win32:Trojan-gen
Ad-Aware: Trojan.GenericKD.47505323
Sophos: Mal/Generic-S
Comodo: fls.noname@0
TrendMicro: TROJ_GEN.R002C0WKU21
McAfee-GW-Edition: BehavesLike.Win32.Dropper.tc
Emsisoft: Trojan.Packed (A)
Ikarus: Trojan.Win32.Generic
GData: Trojan.GenericKD.47505323
MaxSecure: Trojan.Malware.133076155.susgen
Kingsoft: Win32.Exploit.Shellcode.ae.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R456579
Acronis: suspicious
VBA32: BScope.Trojan.APosT
ALYac: Trojan.GenericKD.47505323
MAX: malware (ai score=84)
Malwarebytes: Trojan.MalPack
APEX: Malicious
Rising: Trojan.Generic@ML.97 (RDMK:KN1ns8hb9xbmrj60S8VQVQ)
Yandex: Exploit.Shellcode!buqxACC7PUE
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_98%
Fortinet: PossibleThreat.MU
Webroot: W32.Rogue.Gen
AVG: Win32:Trojan-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Packed.Obsidium.CW?

Win32/Packed.Obsidium.CW removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.