AutoIt:Obfuscated-B [Cryp] malicious file

The AutoIt:Obfuscated-B [Cryp] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What AutoIt:Obfuscated-B [Cryp] virus can do?

At least one process apparently crashed during execution
Yara rule detections observed from a process memory dump/dropped files/CAPE
Authenticode signature is invalid

How to determine AutoIt:Obfuscated-B [Cryp]?


File Info:
name: 1AAE4ED1464B4AC8D77F.mlw
path: /opt/CAPEv2/storage/binaries/ffc39a38513a08a1ad92b0b6a0ebff15b10b155d239efa2b89722d24a7bcf48c
crc32: 400FB83F
md5: 1aae4ed1464b4ac8d77fef318781ead9
sha1: 65041cdafde74b9776e4907f06fe34c9d16e533f
sha256: ffc39a38513a08a1ad92b0b6a0ebff15b10b155d239efa2b89722d24a7bcf48c
sha512: 3150f2e9ee588062b6286791fc1e274be6a9314aab8fc6a86592f1f8c4acd1f8fdee412aff17c95698f3dacedc99d2276ff30434154ab3dffccc19d45ea4a593
ssdeep: 12288:SAHn2JK+HemNsqI3etnBHYPpAkApyRV3jRfP4S5LH28U3mcQuKXgoggdntcP9uK:SAHnh+eWsN3skA4RV1Hom2KXcmtc1uK
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DF158C0273D5C036FFAB92739B6AF2055AB979250133852F13982D79BD701B2273E762
sha3_384: 610c46ef16fcb05f6649d9cc96653e23396bd4a7fff6f416cc94a9e47ade247dc45e9264bf87a6be500892fe221e23bf
ep_bytes: e8c8d00000e97ffeffffcccccccccccc
timestamp: 2021-11-28 08:23:13

Version Info:
Translation: 0x0809 0x04b0

AutoIt:Obfuscated-B [Cryp] also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
FireEye	Generic.mg.1aae4ed1464b4ac8
Cylance	Unsafe
Cybereason	malicious.afde74
ESET-NOD32	multiple detections
Kaspersky	VHO:Backdoor.Win32.Androm.gen
Avast	AutoIt:Obfuscated-B [Cryp]
Sophos	ML/PE-A
McAfee-GW-Edition	BehavesLike.Win32.TrojanAitInject.dh
Avira	HEUR/AGEN.1139477
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.C4627440
Acronis	suspicious
APEX	Malicious
Ikarus	Trojan.Win32.Injector
eGambit	Unsafe.AI_Score_70%
Fortinet	AutoIt/Nymeria.4758!tr
AVG	AutoIt:Obfuscated-B [Cryp]
CrowdStrike	win/malicious_confidence_90% (W)

How to remove AutoIt:Obfuscated-B [Cryp]?

AutoIt:Obfuscated-B [Cryp] removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X