What is “ML/PE-A + Troj/AutoIt-CLG”?

ML/PE-A + Troj/AutoIt-CLG is the Sophos detection name for this sample (ML/PE-A is Sophos' machine-learning verdict on the PE file, Troj/AutoIt-CLG its signature for an AutoIt-compiled trojan); as the vendor list below shows, most other engines classify the same file as a packed AutoIt dropper, the CAPE sandbox attributes the payload to the Loki family, and Trend Micro names NanoCore. While the infection is active you may notice unfamiliar processes in Task Manager. If you do, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial version lets you run a complete scan and clean your PC.
6-day free trial available.

What can ML/PE-A + Troj/AutoIt-CLG do?

The items below are the CAPE sandbox signatures the sample triggered during analysis. Together they describe a UPX-packed, AutoIt-compiled dropper that unpacks code in memory, resolves its imports at run time, checks for a debugger, and persists through autorun:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: executable code extraction (unpacking)
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the Loki malware family

How to identify ML/PE-A + Troj/AutoIt-CLG?

Compare a suspicious file against the hashes below; the Version Info fields further down do not describe any coherent product and should not be used to identify the file.
File Info:

name: 68A684E6D18AB7123F08.mlw
path: /opt/CAPEv2/storage/binaries/20e36f2fc8a308105d9dedcc58b580a1bd88fc1425ce2ba24d232c7be9386a14
crc32: B0CFFC64
md5: 68a684e6d18ab7123f083cda824bc719
sha1: fc11fc3f40a8110584bcf78b7213a3390d6c37c7
sha256: 20e36f2fc8a308105d9dedcc58b580a1bd88fc1425ce2ba24d232c7be9386a14
sha512: b9cb623f145a1912e5f12bf27b0bb97d24e2464755d7197966e8588439bed65f4fd7371f18198a70076e2756009cb957e8fc680d4e320715dec8fe65c8897e64
ssdeep: 12288:fYV6MorX7qzuC3QHO9FQVHPF51jgcktt93BFcXjnv0:sBXu9HGaVH2DTczv0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13AC412C08BE58465D0F737B1C8365E2028217CB5DEB5B76D4365E81EB875B82D822B3B
sha3_384: 6d857e963a4480ebe4fd38528cf92492efeb7817e05fbccdd32bc34a180784e1b56e85665b34f20f7aeb4e77fad94dd0
ep_bytes: 60be00404b008dbe00d0f4ff57eb0b90
timestamp: 2019-05-05 23:48:13
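
Several of the static items in the behaviour list (unknown PE section name, UPX compression) can be reproduced from the File Info fields above without a sandbox: the ep_bytes listed there are the UPX 3.x x86 entry stub (pushad; mov esi; lea edi; push edi; jmp; nop). The script below is an added example, not code from the original page or from CAPE. It parses PE32 headers in pure Python, flags section names outside a normal linker's set, matches the entry point against that stub, and reports hashes and link time for comparison with the values above. Because the real binary is not part of the page, it runs on a constructed minimal PE (build_constructed_pe, a stand-in that only mimics the UPX0/UPX1/.rsrc layout, the entry bytes and the timestamp); the KNOWN_SECTIONS set and the stub pattern are the author's assumptions, and a real sample is analysed by passing its path as the first argument.

```python
"""Static triage of a PE32 file for the packing indicators listed on this page.

Added example, not part of the original page or of CAPE. Pure Python: it reads
only the PE header fields it needs, flags non-standard section names, matches
the entry point against the UPX x86 stub, and reports hashes and link time.
"""
import hashlib
import re
import struct
import sys
from datetime import datetime, timezone

# SHA-256 from the File Info section above; used only to recognise the sample.
PAGE_SHA256 = "20e36f2fc8a308105d9dedcc58b580a1bd88fc1425ce2ba24d232c7be9386a14"

# Assumption: section names a normally linked PE carries. Anything else (UPX0,
# UPX1, random names) is what CAPE reports as an "unknown PE section name".
KNOWN_SECTIONS = {b".text", b".data", b".rdata", b".bss", b".idata", b".edata",
                  b".rsrc", b".reloc", b".tls", b".pdata", b".CRT"}

# UPX 3.x x86 entry stub: pushad; mov esi,<src>; lea edi,[esi+<delta>];
# push edi; jmp +0x0b; nop  ->  60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 EB 0B 90
# The ep_bytes above (60be 00404b00 8dbe 00d0f4ff 57 eb0b 90) are exactly this.
UPX_X86_STUB = re.compile(rb"\x60\xbe....\x8d\xbe....\x57\xeb\x0b\x90", re.DOTALL)


def parse_pe(data: bytes) -> dict:
    """Return entry-point RVA, link timestamp and section table of a PE32 file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections, timestamp = struct.unpack_from("<HI", data, coff + 2)
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections, off = [], opt + opt_size
    for _ in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0"), "va": va, "vsize": vsize,
                         "rawsize": rawsize, "rawptr": rawptr})
        off += 40  # IMAGE_SECTION_HEADER is 40 bytes; the remaining fields are unused
    return {"entry_rva": entry_rva, "timestamp": timestamp, "sections": sections}


def section_for_rva(pe: dict, rva: int) -> dict:
    """Section whose virtual range contains rva (maps the entry point to a file offset)."""
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s
    raise ValueError("RVA 0x%x lies outside every section" % rva)


def triage(data: bytes) -> dict:
    """Reproduce the static items of the behaviour list for one PE32 image."""
    pe = parse_pe(data)
    ep_sec = section_for_rva(pe, pe["entry_rva"])
    ep_off = ep_sec["rawptr"] + (pe["entry_rva"] - ep_sec["va"])
    ep_bytes = data[ep_off:ep_off + 16]
    raw_names = [s["name"] for s in pe["sections"]]
    sha256 = hashlib.sha256(data).hexdigest()
    link_time = datetime.fromtimestamp(pe["timestamp"], timezone.utc)
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": sha256,
        "is_page_sample": sha256 == PAGE_SHA256,
        "timestamp": link_time.strftime("%Y-%m-%d %H:%M:%S"),
        "sections": [n.decode("latin-1") for n in raw_names],
        "unknown_sections": [n.decode("latin-1") for n in raw_names if n not in KNOWN_SECTIONS],
        "entry_section": ep_sec["name"].decode("latin-1"),
        "ep_bytes": ep_bytes.hex(),
        "upx_entry_stub": UPX_X86_STUB.fullmatch(ep_bytes) is not None,
    }


def _section(name: bytes, vsize: int, va: int, rawsize: int, rawptr: int) -> bytes:
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, 16 unused bytes
    return struct.pack("<8sIIII", name, vsize, va, rawsize, rawptr) + bytes(16)


def build_constructed_pe() -> bytes:
    """Constructed stand-in, NOT the real sample: a UPX0/UPX1/.rsrc layout whose entry
    point starts with the listed ep_bytes and whose link time is the listed timestamp.
    Only the header fields parse_pe() reads are filled in."""
    ep_stub = bytes.fromhex("60be00404b008dbe00d0f4ff57eb0b90")
    link_time = int(datetime(2019, 5, 5, 23, 48, 13, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew: PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, link_time, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)                                   # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                   # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x11000)                # AddressOfEntryPoint in UPX1
    struct.pack_into("<I", opt, 28, 0x400000)               # ImageBase
    sections = (_section(b"UPX0", 0x10000, 0x1000, 0, 0)           # empty; filled at run time
                + _section(b"UPX1", 0x1000, 0x11000, 0x200, 0x200)  # packed data plus stub
                + _section(b".rsrc", 0x1000, 0x12000, 0x200, 0x400))
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections).ljust(0x200, b"\0")
    return headers + ep_stub.ljust(0x200, b"\xcc") + bytes(0x200)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_pe()
    for key, value in triage(blob).items():
        print(f"{key:16} {value}")
```

On the constructed image triage() reports UPX0 and UPX1 as unknown sections, the entry point inside UPX1, and a matching UPX stub; is_page_sample is False because the stand-in is not the real file. The remaining list items (invalid Authenticode signature, RWX memory, process enumeration, autorun) need signature verification or execution and are not covered by this static check.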

Version Info:

FileDescription: RMActivate_isv
OriginalFilename: InfDefaultInstall
CompanyName: MbaeParserTask
FileVersion: 236.802.266.348
LegalCopyright: winload
ProductName: RemotePosWorker
ProductVersion: 136.116.568.564
Translation: 0x0409 0x04b0

ML/PE-A + Troj/AutoIt-CLG is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Heur.AutoIT.16
FireEye: Generic.mg.68a684e6d18ab712
McAfee: GenericRXAA-FA!68A684E6D18A
Cylance: Unsafe
Zillya: Trojan.Generic.Win32.785491
Sangfor: Virus.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (D)
K7GW: Trojan ( 0054d93f1 )
K7AntiVirus: Trojan ( 0054d93f1 )
Cyren: W32/AutoIt.LB.gen!Eldorado
Symantec: AUT.Heuristic!gen5
ESET-NOD32: a variant of Win32/Packed.AutoIt.OM
APEX: Malicious
ClamAV: Win.Dropper.Autoit-6964335-1
Kaspersky: HEUR:Trojan.Win32.Autoit.gen
BitDefender: Gen:Trojan.Heur.AutoIT.16
Avast: AutoIt:Dropper-DL [Trj]
Ad-Aware: Gen:Trojan.Heur.AutoIT.16
Emsisoft: Gen:Trojan.Heur.AutoIT.16 (B)
DrWeb: Trojan.MulDrop9.9430
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Backdoor.Autoit.NANOCORE.SMAT.hp
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.hc
Sophos: ML/PE-A + Troj/AutoIt-CLG
Ikarus: Trojan.Autoit
GData: Gen:Trojan.Heur.AutoIT.16
Jiangmin: Trojan.Generic.dmcld
Avira: HEUR/AGEN.1102698
Antiy-AVL: Trojan/Generic.ASCommon.151
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Sonbokli.C3207117
Acronis: suspicious
BitDefenderTheta: AI:Packer.24C6145217
ALYac: Gen:Trojan.Heur.AutoIT.16
MAX: malware (ai score=80)
VBA32: Trojan.Downloader
Malwarebytes: Trojan.MalPack.Generic
TrendMicro-HouseCall: Backdoor.Autoit.NANOCORE.SMAT.hp
Rising: PUF.Pack-AutoIt!1.B8E7 (CLASSIC)
eGambit: Unsafe.AI_Score_73%
Fortinet: AutoIt/Packed.PE!tr
AVG: AutoIt:Dropper-DL [Trj]
MaxSecure: Trojan.Malware.300983.susgen

How to remove ML/PE-A + Troj/AutoIt-CLG?

ML/PE-A + Troj/AutoIt-CLG removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Click “Move to quarantine” for all detected items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
