Object Corrupted: MsiInfo.exe, Obsidium

[Ray Jax]

Hi,

I had run a quick scan about two days ago, and I hadn't noticed that the AV had found two (one?) corrupted objects and a missing file. Just wanted to know what I can do about it and what it means.

The relevant part of the log:

10/14/2024 6:32:35 AM    C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86\MsiInfo.exe\Obsidium    Corrupted    Object corrupted            File    C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86\MsiInfo.exe//    Obsidium    Corrupted                OMNI\[redacted]    Initiator


10/14/2024 6:32:35 AM    C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86\MsiInfo.exe    Corrupted    Object corrupted            File    C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86    MsiInfo.exe    Corrupted                OMNI\[redacted]    Initiator

10/14/2024 6:34:03 AM    C:\Users\[redacted]\AppData\Local\VirtualStore\Program Files (x86)    Not processed    Object not processed        File not found    File    C:\Users\[redacted]\AppData\Local\VirtualStore\Program Files (x86)        Not processed                OMNI\[redacted]    Active user
 

[harlan4096]

Welcome to Kaspersky Community.

 

Please provide versions of operating system and K. product installed.

 

About MsiInfo.exe file:

 

https://documentation.help/Windows-Installer/msiinfo_exe.htm

[Ray Jax]

On 10/17/2024 at 11:31 AM, harlan4096 said:

Welcome to Kaspersky Community.

 

Please provide versions of operating system and K. product installed.

 

About MsiInfo.exe file:

 

https://documentation.help/Windows-Installer/msiinfo_exe.htm

Windows 11 Pro (22631.4317). Kaspersky Standard.

Edited October 21 by Ray Jax

[harlan4096]

That looks like a Windows legit file, the reason it appeared as corrupted, it's weird. Try to scan that file again manually and re-check.

[Ray Jax]

3 hours ago, harlan4096 said:

That looks like a Windows legit file, the reason it appeared as corrupted, it's weird. Try to scan that file again manually and re-check.

Scanned it again. On the first scan, it showed the same thing. On the subsequent scans, it shows nothing.

[Ray Jax]

@harlan4096 

The file (MsiInfo.exe) still shows up as corrupted when I do a quick scan. Also, I hadn't mentioned earlier, but there is also another thing that shows up:

Event: Object not processed
User: OMNI\[redacted]
User type: Active user
Component: Virus Scan
Result: Not processed
Result description: Not processed
Object type: File
Object path: C:\Users\[redacted]\AppData\Local\VirtualStore\Program Files (x86)
Reason: File not found

Anything I should do? Should I upload the file here(somehow)?

[harlan4096]

Send me a link to download it via personal message of the forum.

[harlan4096]

Quote

Component: Malware Scan
Result: Corrupted
Result description: Corrupted
Object type: File
Object name: Obsidium
Object path: C:\Users\HARLAN4096\Programas\Seguridad & Antivirus\Antivirus\MalWare Testing\fff\MsiInfo.exe//

I think the reason the scanning is it showing as Corrupted it is that inside that file, there is an object packed with this software:

 

https://www.obsidium.de/product/sps/about

 

And it seems as K. can't unpack to scan it, it shows as "Corrupted".

 

Quote

Encryption, compression and obfuscation of code and data

In order to prevent disassembly and static analysis or modification of program files on disk, code and data will be encrypted using a strong cryptographic cipher and their integrity verified. Additional compression will typically reduce executable size by more than half.