AutoIt:Runner-BH [Trj] removal instruction

AutoIt:Runner-BH [Trj] is the Avast/AVG detection name for this sample, and the file is flagged as malicious by many other security vendors (see the list below). When this infection is active, you may notice unwanted processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal; it allows a complete scan and clean-up of your PC during the trial period.
A 6-day free trial is available.

What can the AutoIt:Runner-BH [Trj] virus do?

The following behaviours are the signatures the CAPE sandbox raised while running the sample (each on its own is only suspicious; together with the vendor detections below they are a strong indicator):

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Authenticode signature is invalid

How to identify AutoIt:Runner-BH [Trj]?

File Info:

name: ECE67BF006437B483129.mlw
path: /opt/CAPEv2/storage/binaries/269060981bf5af3a61babb3dcfa86060ef74befaeeb59352a532b95242334066
crc32: 80EC5494
md5: ece67bf006437b483129b5b7675b8889
sha1: 268098d8bea66919132cf5005f0fd63c96e3b16c
sha256: 269060981bf5af3a61babb3dcfa86060ef74befaeeb59352a532b95242334066
sha512: 56de822765858c7f35d86ff3d791daa79e612657065d1f00562203c9c1a40f9ebb03e1ec85de171aeb3f14e476881203f4e41b5e8927b2e31fb9f22766e0aaea
ssdeep: 24576:nAHnh+eWsN3skA4RV1Hom2KXMmHaLtp5:ah+ZkldoPK8YaL9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T158058B0273D2D036FFAB92739B6AB20196BD79250133852F13981DB9BD701B1277E663
sha3_384: 46a278dbc9d1331734f8f5cc188fee6ec8ccbc037654e941b94c5290daa708ebf2d584a6f82bab8404173e88c1918741
ep_bytes: e8c8d00000e97ffeffffcccccccccccc
timestamp: 2021-12-31 02:38:27
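
As an added worked example (not code from the original page or from GridinSoft), the following Python script checks a suspect file against the hash values listed above and decodes the recorded ep_bytes. The hash values are copied from the File Info section; the `check_file` path argument and the stand-in bytes under `__main__` are assumptions/constructed and are not the sample. ssdeep and tlsh are left out because they need third-party libraries.

```python
"""Check a suspect file against the indicators listed under File Info.

Added example for this page; not code from the original page or from
GridinSoft. The hash values are copied from the File Info section above.
The stand-in bytes under __main__ are constructed and are NOT the sample.
"""
import hashlib
import struct
import zlib

# Indicators copied verbatim from the File Info section of this page.
PAGE_IOCS = {
    "crc32": "80EC5494",
    "md5": "ece67bf006437b483129b5b7675b8889",
    "sha1": "268098d8bea66919132cf5005f0fd63c96e3b16c",
    "sha256": "269060981bf5af3a61babb3dcfa86060ef74befaeeb59352a532b95242334066",
    "sha512": "56de822765858c7f35d86ff3d791daa79e612657065d1f00562203c9c1a40f9eb"
              "b03e1ec85de171aeb3f14e476881203f4e41b5e8927b2e31fb9f22766e0aaea",
    "sha3_384": "46a278dbc9d1331734f8f5cc188fee6ec8ccbc037654e941b94c5290daa708eb"
                "f2d584a6f82bab8404173e88c1918741",
}
PAGE_EP_BYTES = "e8c8d00000e97ffeffffcccccccccccc"


def digests(data: bytes) -> dict:
    """Compute the digest set the page lists (ssdeep/tlsh need extra libraries and are skipped)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",  # upper-case hex, as on the page
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def match_iocs(data: bytes, iocs: dict = PAGE_IOCS) -> dict:
    """Compare each published hash with the file's own (case-insensitive).

    Treat a sha256 match as conclusive and a crc32-only match as noise:
    a 32-bit checksum collides far too easily to identify a file.
    """
    got = digests(data)
    return {algo: got[algo].lower() == value.lower() for algo, value in iocs.items()}


def check_file(path: str, iocs: dict = PAGE_IOCS) -> dict:
    """Hash a file on disk (the path is the caller's choice; hypothetical here) and match it."""
    with open(path, "rb") as fh:
        return match_iocs(fh.read(), iocs)


def decode_entry_bytes(ep_hex: str) -> list:
    """Decode the leading x86 instructions from the page's ep_bytes value.

    Handles only what this sample's 16 bytes contain: E8 (CALL rel32),
    E9 (JMP rel32) and CC (INT3 padding). Each entry is
    (mnemonic, displacement, target offset relative to the entry point);
    decoding stops at any other opcode.
    """
    code = bytes.fromhex(ep_hex)
    out, i = [], 0
    while i < len(code):
        op = code[i]
        if op in (0xE8, 0xE9) and i + 5 <= len(code):
            (disp,) = struct.unpack_from("<i", code, i + 1)  # signed rel32 operand
            out.append(("call" if op == 0xE8 else "jmp", disp, i + 5 + disp))
            i += 5
        elif op == 0xCC:
            out.append(("int3", 0, i + 1))
            i += 1
        else:
            break
    return out


if __name__ == "__main__":
    # Constructed stand-in bytes: every hash should report False against the page's IOCs.
    print(match_iocs(b"MZ constructed stand-in, not the sample"))
    for mnemonic, disp, target in decode_entry_bytes(PAGE_EP_BYTES):
        print(f"{mnemonic:5} disp={disp:+d} -> EP{target:+#x}")
```

The call, then a jmp, then int3 padding at the entry point is the usual shape of a compiler-generated C runtime start stub rather than anything sample-specific, which is what you would expect from a compiled AutoIt executable (the interpreter itself is an ordinary compiled PE); the interesting logic lives in the embedded script, so do not try to identify this family from ep_bytes alone. Verify on the sha256 match.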

Version Info (note that every resource string is random-looking junk rather than a real company or product name, which is itself a red flag for a generated wrapper):

Comments: NAgZfJ
CompanyName: eXDWNVJoALrIJcMewjJKyMYRKZU
FileDescription: DNIcbm
FileVersion: 75.27.90.68
InternalName: StVFbqteDcn
LegalCopyright: cAIQVrtZA
LegalTrademarks: IkvdtrJuZVtEU
ProductName: sxMYW
ProductVersion: 56.84.92.82
Translation: 0x0809 0x04b0

AutoIt:Runner-BH [Trj] also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Strictor.188722
FireEye: Gen:Variant.Strictor.188722
McAfee: Artemis!ECE67BF00643
Malwarebytes: Malware.AI.1981923179
K7AntiVirus: Trojan ( 0056a9891 )
BitDefender: Gen:Variant.Strictor.188722
K7GW: Trojan ( 0056a9891 )
CrowdStrike: win/malicious_confidence_90% (W)
Cyren: W32/AutoIt.SR.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Autoit.OHY
TrendMicro-HouseCall: Trojan.AutoIt.OTORUN.SM
Avast: AutoIt:Runner-BH [Trj]
Kaspersky: UDS:Trojan.Script.Generic
Rising: Trojan.Runner/Autoit!1.C11B (CLASSIC)
Ad-Aware: Gen:Variant.Strictor.188722
Comodo: Malware@#2aw4ficgpj15p
TrendMicro: Trojan.AutoIt.OTORUN.SM
McAfee-GW-Edition: BehavesLike.Win32.Generic.ch
Emsisoft: Gen:Variant.Strictor.188722 (B)
APEX: Malicious
GData: Gen:Variant.Strictor.188722
Avira: WORM/FakeExt.Gen8
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Strictor.188722
MAX: malware (ai score=86)
Fortinet: W32/Autoit.OHL!tr
AVG: AutoIt:Runner-BH [Trj]
Cybereason: malicious.006437

How to remove AutoIt:Runner-BH [Trj]?

AutoIt:Runner-BH [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

After the scan, compare the SHA-256 of any quarantined file with the value listed under File Info above to confirm that what was removed is this sample and not merely a look-alike detection.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
