How to remove “WinGo/Packed.Obfuscated.A suspicious”?

The WinGo/Packed.Obfuscated.A suspicious detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the WinGo/Packed.Obfuscated.A suspicious virus do?

  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify WinGo/Packed.Obfuscated.A suspicious?


File Info:

name: B28A22871F63FE53E982.mlw
path: /opt/CAPEv2/storage/binaries/0b219da16fa3c74a22f089c51313b1d5e62c61c2eb4ff51b4ba8cb04806029ad
crc32: CB8DC8EA
md5: b28a22871f63fe53e9823ab86562e15d
sha1: aececaf39bfade402b6f46e79cb3e4faa616aaf9
sha256: 0b219da16fa3c74a22f089c51313b1d5e62c61c2eb4ff51b4ba8cb04806029ad
sha512: c824443ceb249e164bc8aa5a0978bb02561b0adf31049f86704b6881341761153add180446ff192ccddd5d8508f81893d96f176c7dcf17e1cedc099e4c7d4523
ssdeep: 49152:kbjFgXlrb/TNvO90dL3BmAFd4A64nsfJsMgsgWOTh6ZD1Y:kb89jTh
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T1F2853AC3BC9150B5C0AAD235C96692927B3178940F33A3D72F50A6BA1F76FD09E79324
sha3_384: 1506577d4a37340b8271e475f36366d7c961257796483bf6a5ced94e156abca721a1da29478424f33c3b87a52eeb94ad
ep_bytes: e95bc3ffffcccccccccccccccccccccc
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

WinGo/Packed.Obfuscated.A suspicious also known as:

Lionic: Trojan.Win32.APosT.ts0N
Cynet: Malicious (score: 100)
FireEye: Gen:Variant.Ransom.Hive.6
McAfee: Artemis!B28A22871F63
Sangfor: Suspicious.Win32.Artemis.B28A22871F63
Alibaba: Ransom:Application/Generic.4d4c3854
Cyren: W64/Trojan.FPZL-7993
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of WinGo/Packed.Obfuscated.A suspicious
Paloalto: generic.ml
BitDefender: Gen:Variant.Ransom.Hive.6
MicroWorld-eScan: Gen:Variant.Ransom.Hive.6
Ad-Aware: Gen:Variant.Ransom.Hive.6
Emsisoft: Gen:Variant.Ransom.Hive.6 (B)
VIPRE: Gen:Variant.Ransom.Hive.6
McAfee-GW-Edition: Artemis
GData: Gen:Variant.Ransom.Hive.6
Arcabit: Trojan.Ransom.Hive.6
Google: Detected
Acronis: suspicious
ALYac: Gen:Variant.Ransom.Hive.6
MAX: malware (ai score=88)
APEX: Malicious
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/PossibleThreat

How to remove WinGo/Packed.Obfuscated.A suspicious?

WinGo/Packed.Obfuscated.A suspicious removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
