Seeing the Win32/Packed.CAB.BH malware detection means that your computer is in serious danger. This malware can be identified as ransomware, a type of malware that encrypts your files and forces you to pay for their decryption. Stopping it requires specific steps that must be taken as soon as possible.
Win32/Packed.CAB.BH is a malware detection you may see on your system. It frequently appears after certain preliminary actions on your PC: opening an untrustworthy e-mail, clicking a banner on the Web, or installing a program from a dubious source. From the moment it shows up, you have a short time to act before it begins its malicious activity. And be sure: it is far better not to wait for these harmful things to happen.
What is Win32/Packed.CAB.BH virus?
Win32/Packed.CAB.BH Summary
In summary, the activity of the Win32/Packed.CAB.BH virus on an infected system is as follows:
- SetUnhandledExceptionFilter detected (possible anti-debug);
- Presents an Authenticode digital signature;
- Dynamic (imported) function loading detected;
- The binary likely contains encrypted or compressed data;
- Authenticode signature is invalid;
- A ping command was executed with the -n argument possibly to delay analysis;
- Uses Windows utilities for basic functionality;
- Created a process from a suspicious location;
- Installs itself for autorun at Windows startup;
- Detects the presence of Windows Defender AV emulator via files;
- Anomalous binary characteristics;
- Suspicious use of certutil was detected;
- Uses suspicious command line tools or Windows utilities;
- Ciphering the files located on the victim’s disk — so the victim cannot use these documents;
- Blocking the launching of .exe files of anti-malware programs;
- Blocking the launching of installation files of anti-virus apps.
Ransomware has been a nightmare for the last 4 years. It is hard to picture a more harmful virus for both individual users and businesses. The algorithms used in Win32/Packed.CAB.BH (generally, RHA-1028 or AES-256) are not hackable, with minor exceptions. Breaking them by brute force would take far more time than our galaxy has existed, and possibly will exist. But the malware does not do all these unpleasant things instantly: it can take up to a few hours to encrypt all of your documents. Thus, seeing the Win32/Packed.CAB.BH detection is a clear signal that you have to begin the removal procedure.
Where did I get the Win32/Packed.CAB.BH?
The usual ways Win32/Packed.CAB.BH gets in are the same as for all other ransomware examples. Those are one-day landing websites where users are offered free software to download and install, so-called bait emails, and hacktools. Bait e-mails are a pretty new method of malware distribution: you get an email that imitates a normal notification about deliveries or changes to bank service conditions. Within the email, there is an infected MS Office file, or a web link that leads to an exploit landing page.

Malicious email message. This one tricks you into opening the phishing website.
Avoiding it looks fairly uncomplicated, but still demands a lot of awareness. Malware can hide in different spots, and it is better to stop it before it gets onto your PC than to rely on an anti-malware program. Basic cybersecurity awareness is essential in the modern world, even if your use of a PC is limited to YouTube videos. It can save you a lot of money and time that you would otherwise spend looking for a fix guide.
Win32/Packed.CAB.BH malware technical details
File Info:
- name: E50865995DE7C6786C08.mlw
- path: /opt/CAPEv2/storage/binaries/5c6ff648485dc84f708a5abde4661b9892e66e6aff4b350c61bfd980d1d68e1c
- crc32: 0BACB504
- md5: e50865995de7c6786c08706419a784c9
- sha1: 9ed3e38a4edb697a713ce5ec9ac58cb25b82e0a0
- sha256: 5c6ff648485dc84f708a5abde4661b9892e66e6aff4b350c61bfd980d1d68e1c
- sha512: ddbaa6c23d4433f9cba8daff140d45e54649a5e687116d688657a1a5ff20a5dad86d4b1e68d2be17f915d2f1a03251e5c91540bfb1cfe547aa2b02ae39eaee15
- ssdeep: 49152:JIlBStQr5gLc+3pEAQEk0q5EjCp/FvxfT01XC8Zdl:EgQr5gI+3pE3T0qOjuBT01S8dl
- type: PE32 executable (GUI) Intel 80386, for MS Windows
- tlsh: T19A752305A4F1CA32E4E357B17AFB612B673474701F2497BB22AC91DA5E313C1AE39706
- sha3_384: 495bb7cc547ace71928fa2972833688a4dba9e7e41aecc9ed9719e450a130f92402322cb47049ad83149e229663aa916
- ep_bytes: e81c060000e94dfdffffcccccccccc3b
- timestamp: 2009-07-13 23:42:43

Version Info:
- CompanyName: Microsoft Corporation
- FileDescription: Uys33 Cxjmbdt Nkbfsixgjb
- FileVersion: 8.67.0677.20887 (mpzznkn_cjf.540053-6503)
- InternalName: Cbxsrfk
- LegalCopyright: © Microsoft Corporation. Tql Zbdyis Idetljhi.
- OriginalFilename: DWAOIZK.EXE .EYX
- ProductName: Windows® Internet Explorer
- ProductVersion: 8.67.0677.20887
- Translation: 0x0409 0x04b0
Win32/Packed.CAB.BH also known as:
| Antivirus engine | Detection name |
| --- | --- |
| Lionic | Trojan.Win32.Autoit.4!c |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Gen:Heur.PHS.1 |
| FireEye | Gen:Heur.PHS.1 |
| McAfee | Artemis!E50865995DE7 |
| Cylance | Unsafe |
| VIPRE | Trojan.Win32.Generic!BT |
| Sangfor | Trojan.Win32.Ymacco.AA5C |
| K7AntiVirus | Trojan ( 00574c561 ) |
| Alibaba | Trojan:Win32/AVEvader.bb4d3e82 |
| K7GW | Trojan ( 00574c561 ) |
| CrowdStrike | win/malicious_confidence_60% (W) |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | a variant of Win32/Packed.CAB.BH |
| TrendMicro-HouseCall | Ransom.Win32.CONTI.SMA.hp |
| Kaspersky | Trojan.Win32.Autoit.aceck |
| BitDefender | Gen:Heur.PHS.1 |
| NANO-Antivirus | Trojan.Win32.Autoit.ikogef |
| Tencent | Win32.Trojan.Falsesign.Ahee |
| Emsisoft | Gen:Heur.PHS.1 (B) |
| Zillya | Trojan.CAB.Win32.550 |
| TrendMicro | Ransom.Win32.CONTI.SMA.hp |
| McAfee-GW-Edition | Artemis |
| Sophos | Mal/Generic-S |
| Microsoft | Ransom:Win32/CONTI!ml |
| ZoneAlarm | Trojan.Win32.Autoit.aceck |
| GData | Gen:Heur.PHS.1 |
| AhnLab-V3 | PUP/Win32.RL_Generic.R359549 |
| ALYac | Gen:Heur.PHS.1 |
| MAX | malware (ai score=82) |
| Malwarebytes | Trojan.Dropper.WXT.Generic |
| Panda | Trj/Genetic.gen |
| APEX | Malicious |
| Rising | Dropper.Certutil!1.D0D0 (CLASSIC) |
| Fortinet | W32/CAB.BH!tr |
| AVG | FileRepMalware |
| Cybereason | malicious.95de7c |
| Avast | FileRepMalware |