Categories: Malware

Troj/AutoIt-CPM (file analysis)

The Troj/AutoIt-CPM is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Troj/AutoIt-CPM virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Spanish (Colombia)
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)
Installs itself for autorun at Windows startup
CAPE detected the RevengeRAT malware family
Anomalous binary characteristics
Yara detections observed in process dumps, payloads or dropped files

How to determine Troj/AutoIt-CPM?


File Info:
name: 259FACBAAAD698ADC7AA.mlwpath: /opt/CAPEv2/storage/binaries/da605d052dc86535b3174a644f4ea0186c669dbbee87f828daeb063ac55e96cfcrc32: B3FD2EE7md5: 259facbaaad698adc7aa62ef369c5671sha1: 80457fc21efa22bfab3a9d346e550a6f5429cdbasha256: da605d052dc86535b3174a644f4ea0186c669dbbee87f828daeb063ac55e96cfsha512: 187369d772c5ddd584a92f15d8f7a82dc9c9f53d2f0149eb909d1f0e650e9592f0c5d3f9283b00b87cf45d6d87bd2f92286147989e3a21a1fe3ebfdbea43d9acssdeep: 24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHaKZa5u:gh+ZkldoPK8YaKGutype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1E0158C0273D1C036FFAB92739B6AB64156BC79254133852F13982DB9BD701B2263E763sha3_384: 2caa2d6329fe52dcb63aa35b1ad869a62133d5c637e0215e1201ba86391cfdd5cbbfb814a6a02d6fd82c9fd1c45dbc4bep_bytes: e8c8d00000e97ffeffffcccccccccccctimestamp: 2019-04-15 13:41:58
Version Info:
FileDescription: Internet ExplorerOriginalFilename: IEXPLORE.EXE.MUICompanyName: Microsoft CorporationFileVersion: ...LegalCopyright: Â© Microsoft Corporation. Todos los derechos reservados.ProductName: Internet ExplorerProductVersion: ...Translation: 0x0409 0x04b0

Troj/AutoIt-CPM also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.AutoIt.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.AutoIt.385
MicroWorld-eScan	Trojan.GenericKD.67056032
FireEye	Generic.mg.259facbaaad698ad
Skyhigh	BehavesLike.Win32.Injector.dh
ALYac	Trojan.GenericKD.67056032
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	Trojan.GenericKD.67056032
Sangfor	Virus.Win32.Save.a
K7AntiVirus	Trojan ( 700000111 )
K7GW	Trojan ( 700000111 )
Cybereason	malicious.aaad69
BitDefenderTheta	AI:Packer.44866B6B18
VirIT	Trojan.Win32.AutoIT.BQK
Symantec	Trojan.Gen.2
ESET-NOD32	a variant of Win32/Injector.Autoit.DUY
APEX	Malicious
TrendMicro-HouseCall	Trojan.AutoIt.CRYPTINJECT.SMA
ClamAV	Win.Trojan.RevengeRAT-10004611-1
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.GenericKD.67056032
NANO-Antivirus	Trojan.Script.Agent.jpixbz
Avast	AutoIt:Injector-JF [Trj]
Emsisoft	Trojan.GenericKD.67056032 (B)
F-Secure	Trojan.TR/AD.AtomicRat.BF
TrendMicro	Trojan.AutoIt.CRYPTINJECT.SMA
Sophos	Troj/AutoIt-CPM
SentinelOne	Static AI – Suspicious PE
MAX	malware (ai score=84)
Google	Detected
Avira	TR/AD.AtomicRat.BF
Varist	W32/Autoit.WV.gen!Eldorado
Antiy-AVL	Trojan[Injector]/Win32.Autoit
Kingsoft	malware.kb.a.1000
Arcabit	Trojan.Generic.D3FF31A0
ZoneAlarm	HEUR:Trojan.Win32.Autoit.gen
GData	Trojan.GenericKD.67056032
Cynet	Malicious (score: 100)
AhnLab-V3	Win-Trojan/AutoInj.Exp
McAfee	Artemis!259FACBAAAD6
VBA32	Trojan.AutoIt
Cylance	unsafe
Panda	Trj/Genetic.gen
Rising	Trojan.Injector/Autoit!1.BB8F (CLASSIC)
Ikarus	Trojan-Spy.FormBook
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	AutoIt/Injector.DUY!tr
AVG	AutoIt:Injector-JF [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)