About “RiskWare.Obfuscated.AutoIt” infection

The RiskWare.Obfuscated.AutoIt detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the RiskWare.Obfuscated.AutoIt virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Network activity detected but not expressed in API logs

How to identify RiskWare.Obfuscated.AutoIt?

File Info:

name: E982DCFD9F4B95EB3A94.mlw
path: /opt/CAPEv2/storage/binaries/b30a5564a4c43ccaa5fcf03927896f97c511f668f2a5837df133536b46c4127a
crc32: C21F7485
md5: e982dcfd9f4b95eb3a94742d448ba582
sha1: 5855c5f15caf55a69fb54301dbc6b9411695d4e1
sha256: b30a5564a4c43ccaa5fcf03927896f97c511f668f2a5837df133536b46c4127a
sha512: 91e381c7a615505fa2feacad4df929e8939738242231812c99c6ca4a7b7d2729c2284ad89413e45b148e23cec73c23f209063c1a5e05efa4d45e2cdb3c219aaa
ssdeep: 24576:eRaZROMOm8FN7TjsPnzt2heeRhQbJEOeam6LfXc4ArWWo:0kxOm+7TjsPnztyDMmalLfVvW
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T126459D4933A441A9FEB7E177CA12C607C7B1788A42778B2F02E05AB66F737715A1E311
sha3_384: e00d266ed0fe50c4a4c9567a04bbd0ce0ca625de8d30ba16922845857a4c9f46414e4834268e4dec3affb0f8e3fb5731
ep_bytes: 4883ec28e8bfb300004883c428e936fe
timestamp: 2021-05-20 10:09:23

Version Info:

Translation: 0x0809 0x04b0

RiskWare.Obfuscated.AutoIt is also known as:

  • Bkav: W32.FamVTAppLQNE.Trojan
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: AIT.Heur.Acapulco.11.AE94D37D.Gen
  • FireEye: AIT.Heur.Acapulco.11.AE94D37D.Gen
  • ALYac: AIT.Heur.Acapulco.11.AE94D37D.Gen
  • ESET-NOD32: a variant of Win32/Obfuscated.Autoit.M
  • APEX: Malicious
  • Kaspersky: UDS:Trojan.Win32.Autoit.gen
  • BitDefender: AIT.Heur.Acapulco.11.AE94D37D.Gen
  • Avast: FileRepMalware
  • Ad-Aware: AIT.Heur.Acapulco.11.AE94D37D.Gen
  • McAfee-GW-Edition: BehavesLike.Win64.Dropper.th
  • Emsisoft: AIT.Heur.Acapulco.11.AE94D37D.Gen (B)
  • Ikarus: Trojan.Win32.Obfuscated
  • GData: AIT.Heur.Acapulco.11.AE94D37D.Gen
  • Avira: HEUR/AGEN.1142128
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • Cynet: Malicious (score: 99)
  • McAfee: Packed-GDP!E982DCFD9F4B
  • MAX: malware (ai score=86)
  • Malwarebytes: RiskWare.Obfuscated.AutoIt
  • TrendMicro-HouseCall: TROJ_GEN.R06CH0CEK21
  • Fortinet: AutoIt/Obfuscated.M!tr
  • AVG: FileRepMalware
  • Cybereason: malicious.d9f4b9
  • MaxSecure: Trojan.Malware.300983.susgen

How to remove RiskWare.Obfuscated.AutoIt?

RiskWare.Obfuscated.AutoIt removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.