Malware

Win32/Packed.Obsidium.D suspicious malicious file

Malware Removal

Win32/Packed.Obsidium.D suspicious is ESET's detection name for an executable protected with the Obsidium packer that shows malicious behaviour; most other vendors in the list below classify this sample as a Zbot or Emotet-family trojan. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and clean-up of your PC during the trial period.
6-day free trial available.

What can the Win32/Packed.Obsidium.D suspicious virus do? (behaviours observed in sandbox analysis)

  • Executable code extraction
  • Creates RWX memory
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data
  • Checks for the presence of known windows from debuggers and forensic tools
  • Network activity detected but not expressed in API logs
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects VirtualBox through the presence of a device
  • Anomalous binary characteristics

How to identify Win32/Packed.Obsidium.D suspicious?

File Info:

crc32: 9A3678E2
md5: 977cf67b0796a682671504be5249bc0c
name: 977CF67B0796A682671504BE5249BC0C.mlw
sha1: 05c818addd401172e844c382ddd1469b53968f1c
sha256: 5b9ab2d4beba036dfd5d21f31e567a7e9e98367901c34825eb55d0a35ce16e30
sha512: 7121578c7c68e794498a4c11d84105196f62d962ce437f46a0ea84d2ce32efb4cb8a2b2a9503aa93087c5217e7576b597b613715ddc207943ab18a91102a9bdc
ssdeep: 6144:J7rauD3omjobaB/ZY54A7q96k00je3Epl2ZdJkz1B7A5OEY6IZIx:Jraw9sWZZG4YnM2ZdJk5B2HCQ
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Microsoft Corporation. All rights
InternalName: WINHSTB
FileVersion: 6.1.7600.16356
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7600.16356
FileDescription: Windows Winhlp32 Stub
OriginalFilename: WINHLP32.EXE
Translation: 0x0409 0x04b0
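The version info above claims the file is Microsoft's Winhlp32 stub (WINHLP32.EXE). Those strings are plain resource data that a packer or dropper can copy from any binary, so they prove nothing about origin; the hashes are what identify this sample, and the absence of a valid Authenticode signature on a file that claims to be Microsoft's is itself a red flag. The script below is an added example, not code from the page or from GridinSoft: it computes the hash types listed in the file info section, checks them against the page's IOCs, and reads the PE header to produce the same kind of `type:` line (PE32, GUI subsystem, i386). The `make_fake_pe32_gui` helper builds a constructed, harmless header so the script runs offline; ssdeep is omitted because it is not in the Python standard library.

```python
import hashlib
import struct
import sys
from pathlib import Path

# Hashes of the sample exactly as listed in the file info section of this page.
KNOWN_IOCS = {
    "md5": "977cf67b0796a682671504be5249bc0c",
    "sha1": "05c818addd401172e844c382ddd1469b53968f1c",
    "sha256": "5b9ab2d4beba036dfd5d21f31e567a7e9e98367901c34825eb55d0a35ce16e30",
}

IMAGE_FILE_MACHINE_I386 = 0x14C   # COFF Machine value for 32-bit x86
IMAGE_FILE_DLL = 0x2000           # COFF Characteristics flag: image is a DLL
PE32_MAGIC = 0x10B                # optional header Magic for PE32 (0x20B is PE32+)
SUBSYSTEMS = {2: "GUI", 3: "console"}


def file_hashes(data: bytes) -> dict:
    """Compute the hash types the page lists (md5, sha1, sha256, sha512)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_iocs(hashes: dict, iocs: dict = KNOWN_IOCS) -> set:
    """Return the hash algorithms whose value equals a known IOC (case-insensitive)."""
    return {name for name, value in hashes.items() if iocs.get(name) == value.lower()}


def pe_summary(data: bytes):
    """Describe a PE file the way the page's `type:` line does; None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, _, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if opt_size < 70 or len(data) < opt + 70:
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]  # Subsystem sits at +68 in PE32 and PE32+
    bits = "PE32" if magic == PE32_MAGIC else "PE32+"
    kind = "DLL" if chars & IMAGE_FILE_DLL else "executable"
    arch = "Intel 80386" if machine == IMAGE_FILE_MACHINE_I386 else f"machine 0x{machine:04x}"
    return f"{bits} {kind} ({SUBSYSTEMS.get(subsystem, subsystem)}) {arch}, for MS Windows"


def triage(data: bytes) -> dict:
    """Hash the file, classify it, and report which page IOCs it matches."""
    hashes = file_hashes(data)
    return {"hashes": hashes, "type": pe_summary(data), "ioc_hits": match_iocs(hashes)}


def make_fake_pe32_gui() -> bytes:
    """Constructed minimal PE32 GUI header used as offline sample input (not real malware)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew -> PE signature right after DOS header
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 68, 2)                # Subsystem = IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Usage: python triage.py <file> [<file> ...]; with no arguments it triages the constructed header.
    blobs = [Path(p).read_bytes() for p in sys.argv[1:]] or [make_fake_pe32_gui()]
    for blob in blobs:
        print(triage(blob))
```

Run it against a suspicious file and compare `ioc_hits` with the hashes above; a hit on any of the three is a positive identification of this exact sample, while a different hash with the same version strings only means the file borrowed WINHLP32.EXE's resources, which is the more common case with repacked variants.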

Win32/Packed.Obsidium.D suspicious is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Zbot.l!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Packed.22393
Cynet: Malicious (score: 100)
ALYac: Trojan.EmotetU.Gen.wq3@gOZVgxbi
Cylance: Unsafe
Zillya: Trojan.Zbot.Win32.90667
CrowdStrike: win/malicious_confidence_100% (D)
Cybereason: malicious.b0796a
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.Obsidium.D suspicious
Zoner: Probably Heur.ExeHeaderH
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.EmotetU.Gen.wq3@gOZVgxbi
NANO-Antivirus: Trojan.Win32.Zbot.bcucgz
MicroWorld-eScan: Trojan.EmotetU.Gen.wq3@gOZVgxbi
Tencent: Win32.Trojan-Spy.Zbot.cfjo
Ad-Aware: Trojan.EmotetU.Gen.wq3@gOZVgxbi
Sophos: ML/PE-A
Comodo: Malware@#28s553mcqvvxe
F-Secure: Trojan.TR/Spy.363862.2
BitDefenderTheta: Gen:NN.ZexaF.34170.wq3@aOZVgxbi
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Possible_Virus
McAfee-GW-Edition: BehavesLike.Win32.Trojan.fc
FireEye: Generic.mg.977cf67b0796a682
Emsisoft: Trojan.EmotetU.Gen.wq3@gOZVgxbi (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanSpy.Zbot.coks
Avira: TR/Spy.363862.2
Antiy-AVL: Trojan/Generic.ASMalwS.2405F9F
Kingsoft: Win32.Heur.KVMH004.a.(kcloud)
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Trojan.EmotetU.Gen.wq3@gOZVgxbi
AhnLab-V3: Trojan/Win32.Gen
Acronis: suspicious
McAfee: Artemis!977CF67B0796
MAX: malware (ai score=83)
VBA32: BScope.Worm.Rebhip
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Possible_Virus
Rising: Trojan.Generic@ML.98 (RDML:2sMIWSbpPwkS/fl0TxR3fQ)
Ikarus: Trojan-Spy.Win32.Zbot
Fortinet: W32/Zbot.HBQT!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Win32/Packed.Obsidium.D suspicious?

Win32/Packed.Obsidium.D suspicious removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
