Win32/Packed.Obsidium.DX removal

Win32/Packed.Obsidium.DX is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Packed.Obsidium.DX virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects VirtualBox through the presence of a device
  • Anomalous binary characteristics
  • Binary compilation timestomping detected

How to identify Win32/Packed.Obsidium.DX?

File Info:

name: 09A39FFFBD634C54A18C.mlw
path: /opt/CAPEv2/storage/binaries/b7435f97f94aec61ae91c051a8395270e492cd48c3214fbb2180fad95b6600bb
crc32: 55874B66
md5: 09a39fffbd634c54a18ce9897bb0a772
sha1: 305136a18ba5cdfbe27d35d408f1a4dd7a779b91
sha256: b7435f97f94aec61ae91c051a8395270e492cd48c3214fbb2180fad95b6600bb
sha512: 4d3942e9fb66ef4b5d80154cc2f538cf8489f4f2b9a6a86cc04da129331df4f6a8b2986ae6709326edc18c7c4bc56f47e2a3a13b6d4af2534ddd70bb01005f08
ssdeep: 24576:lGXbY9JgBDOh4G/h2hBHHcTUGVsX2/87zfMYS1nTlga3geNL0:lGrmJDh4G/h2hBHHsUCskP1lga3g
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1712523121B3CB78BC05DEA32C7FE4D3096727C518540AE52B348F78EE6A6D62D94660F
sha3_384: 2d5148ad7d0a382d013acfb4f5cc2ad1194ff47179cc47c2aafee17be059c7c14abce758ee039e43e3c0b04581710fcc
ep_bytes: eb058d3de15c9450eb0521854edc3ee8
timestamp: 2079-05-10 19:45:30

Version Info:

CompanyName: Gigasoft, Inc.
FileDescription: ProEssentials Professional Charting DLL
FileVersion: 7.0.0.12
InternalName: PEGRP64E
LegalCopyright: Copyright © Gigasoft, Inc. 1994-2010
OriginalFilename: PEGRP64E.DLL
ProductName: ProEssentials Pro
ProductVersion: 7.0.0.12
ProductCode: GHXLZCKLIOEPFM8G
LicensedTo: BreakPoint Software, Inc.
Translation: 0x0409 0x04e4

Win32/Packed.Obsidium.DX also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Stealer.l!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Siggen3.10039
MicroWorld-eScan: Trojan.GenericKD.38614780
FireEye: Generic.mg.09a39fffbd634c54
CAT-QuickHeal: TrojanSpy.Stealer
ALYac: Trojan.GenericKD.38614780
Cylance: Unsafe
Zillya: Trojan.Obsidium.Win32.2382
Sangfor: Spyware.Win32.Stealer.axoo
K7AntiVirus: Trojan ( 0058cb051 )
Alibaba: TrojanSpy:Win32/Stealer.2d34fb49
K7GW: Trojan ( 0058cb051 )
Cybereason: malicious.18ba5c
Arcabit: Trojan.Generic.D24D36FC
BitDefenderTheta: Gen:NN.ZexaF.34182.7q3@ainPp2ci
Cyren: W32/Obsidium.A.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.Obsidium.DX
APEX: Malicious
Kaspersky: Trojan-Spy.Win32.Stealer.axoo
BitDefender: Trojan.GenericKD.38614780
Avast: Win32:MalwareX-gen [Trj]
Tencent: Win32.Trojan-spy.Stealer.Hff
Ad-Aware: Trojan.GenericKD.38614780
Emsisoft: Trojan-Spy.Agent (A)
Comodo: Malware@#2kk348rtvd3k8
TrendMicro: TROJ_FRS.0NA103A722
McAfee-GW-Edition: BehavesLike.Win32.Virut.dc
Sophos: Mal/Generic-S
SentinelOne: Static AI – Suspicious PE
Jiangmin: TrojanSpy.Stealer.mqy
MaxSecure: Trojan.Malware.1728101.susgen
Avira: TR/Spy.Stealer.atbjo
Kingsoft: Win32.Heur.KVMH015.a.(kcloud)
Gridinsoft: Malware.Win32.GenericMC.cc
Microsoft: Exploit:Win32/ShellCode!ml
ViRobot: Trojan.Win32.Z.Sabsik.968784
GData: Trojan.GenericKD.38614780
TACHYON: Trojan-PWS/W32.Reline.968784
AhnLab-V3: Infostealer/Win.RedLine.R463100
Acronis: suspicious
McAfee: GenericRXRL-II!09A39FFFBD63
MAX: malware (ai score=83)
VBA32: TScope.Malware-Cryptor.SB
TrendMicro-HouseCall: TROJ_FRS.0NA103A722
Rising: Spyware.Stealer!8.3090 (CLOUD)
Ikarus: Trojan.Win32.Obsidium
Fortinet: W32/PossibleThreat
AVG: Win32:MalwareX-gen [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Packed.Obsidium.DX?

Win32/Packed.Obsidium.DX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.