AutoIt:Injector-JV [Trj] information

Malware Removal

The AutoIt:Injector-JV [Trj] detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the AutoIt:Injector-JV [Trj] virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the Azorult malware family
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system

How to identify AutoIt:Injector-JV [Trj]?

File Info:

name: 3BB0FF8FF21CD310C9CC.mlw
path: /opt/CAPEv2/storage/binaries/c851f1e03d9488312fa6a5f7871f5ac5de587e0030955b0472db2d17911b5e08
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2019-11-20 10:14:41

Version Info:

Translation: 0x0809 0x04b0

AutoIt:Injector-JV [Trj] also known as:

  • Bkav: W32.AIDetect.malware2
  • Lionic: Trojan.Win32.Azorult.i!c
  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.PWS.Steam.17003
  • MicroWorld-eScan: Trojan.GenericKD.32735601
  • FireEye: Trojan.GenericKD.32735601
  • ALYac: Trojan.GenericKD.32735601
  • Cylance: Unsafe
  • K7AntiVirus: Riskware ( 0040eff71 )
  • Alibaba: Trojan:Win32/AutoItGen.107
  • K7GW: Riskware ( 0040eff71 )
  • Cybereason: malicious.ff21cd
  • VirIT: Trojan.Win32.Dnldr30.BZOZ
  • Cyren: W32/AutoIt.NX.gen!Eldorado
  • Symantec: Packed.Generic.548
  • ESET-NOD32: a variant of Win32/Packed.AutoIt.TT
  • APEX: Malicious
  • Paloalto: generic.ml
  • Kaspersky: Trojan.Script.Obit.gen
  • BitDefender: Trojan.GenericKD.32735601
  • NANO-Antivirus: Trojan.Win32.Azorult.gjegtw
  • Avast: AutoIt:Injector-JV [Trj]
  • Tencent: Win32.Trojan.Falsesign.Lnem
  • Ad-Aware: Trojan.GenericKD.32735601
  • Sophos: Mal/Generic-S + Mal/AuItInj-A
  • Comodo: Malware@#3buaroab4dh4r
  • VIPRE: Trojan.Win32.Generic!BT
  • TrendMicro: Backdoor.AutoIt.BLADABINDI.SMP
  • McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.th
  • Emsisoft: Trojan.GenericKD.32735601 (B)
  • GData: Trojan.GenericKD.32735601
  • Jiangmin: Trojan.PSW.Azorult.fez
  • Avira: HEUR/AGEN.1100067
  • ZoneAlarm: Trojan.Script.Obit.gen
  • Microsoft: PUADlManager:Win32/OpenDownloadManager
  • Cynet: Malicious (score: 99)
  • AhnLab-V3: Win-Trojan/Autoinj04.Exp
  • McAfee: Artemis!3BB0FF8FF21C
  • MAX: malware (ai score=81)
  • VBA32: TrojanPSW.Azorult
  • Malwarebytes: Trojan.MalPack.AutoIt
  • TrendMicro-HouseCall: Backdoor.AutoIt.BLADABINDI.SMP
  • Rising: Trojan.Obfus/Autoit!1.BD7E (CLASSIC)
  • Ikarus: Trojan.Autoit
  • Fortinet: AutoIt/Agent.AAJ!tr
  • Webroot: W32.Trojan.Gen
  • AVG: AutoIt:Injector-JV [Trj]
  • Panda: Trj/CI.A
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove AutoIt:Injector-JV [Trj]?

AutoIt:Injector-JV [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.