
Should I remove “Troj/HkAutoIt-I”?

Malware Removal

Troj/HkAutoIt-I is the Sophos detection name for this sample; nearly every other engine that has seen it flags it as malicious too, several of them as a generic AutoIt dropper. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing malware manually may take hours and may damage the system in the process. We recommend using GridinSoft Anti-Malware for removal; the trial period allows a complete scan and cleanup of your PC.
A 6-day free trial is available.

What can Troj/HkAutoIt-I do?

Behavioural and static indicators reported by the CAPE sandbox for this sample:

  • Sample contains overlay data (bytes appended after the last PE section)
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image (consistent with an AutoIt-compiled executable loading its embedded script)
  • Authenticode signature is invalid
  • CAPE's family detection fired on its "shellcode get eip" rule, i.e. a get-EIP trick (code that recovers its own address, typically via a call/pop pair) of the kind used by position-independent shellcode
  • Binary file triggered a YARA rule
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • YARA detections observed in process dumps, payloads or dropped files
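Two of the indicators above, overlay data and the Authenticode signature, can be checked with a short PE parse. The following is an added example, not code from this page or from the CAPE sandbox: it builds tiny synthetic PE32 images (constructed test data, not the sample described here), finds where the last section's raw data ends, and separates the Authenticode certificate table from any other appended bytes. The AU3!EA06 marker check is an added heuristic for compiled AutoIt3 scripts; the function names are my own.

```python
import struct
from dataclasses import dataclass

# Added example (not code from the original page): locate PE overlay data and
# the Authenticode certificate table. build_pe() produces constructed test
# images; they are not the sample the page describes.

SECURITY_DIR_INDEX = 4          # IMAGE_DIRECTORY_ENTRY_SECURITY
AU3_MAGIC = b"AU3!EA06"         # marker at the start of a compiled AutoIt3 script


@dataclass
class OverlayInfo:
    end_of_sections: int   # file offset just past the last section's raw data
    overlay_len: int       # bytes after that offset, certificate table included
    cert_off: int          # file offset of the Authenticode blob (0 if none)
    cert_len: int
    payload_len: int       # overlay bytes not accounted for by the certificate table
    autoit_marker: bool    # AU3!EA06 seen in the overlay


def build_pe(section_data: bytes, cert: bytes = b"", overlay: bytes = b"") -> bytes:
    """Constructed test data: a one-section PE32 with optional cert table and overlay."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                                   # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    raw_ptr = 0x200
    raw_size = (len(section_data) + 0x1FF) & ~0x1FF   # FileAlignment 0x200
    cert_off = raw_ptr + raw_size if cert else 0
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR_INDEX, cert_off, len(cert))
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(section_data), 0x1000,
                      raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + sec
    headers += b"\0" * (raw_ptr - len(headers))
    return headers + section_data.ljust(raw_size, b"\0") + cert + overlay


def overlay_info(data: bytes) -> OverlayInfo:
    """Parse just enough of the PE headers to measure the overlay."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff_off = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    magic = struct.unpack_from("<H", data, opt_off)[0]
    # Data directories start at +96 for PE32 (0x10B) and +112 for PE32+ (0x20B);
    # NumberOfRvaAndSizes sits in the 4 bytes just before them.
    dd_off = opt_off + (96 if magic == 0x10B else 112)
    n_dirs = struct.unpack_from("<I", data, dd_off - 4)[0]
    cert_off = cert_len = 0
    if n_dirs > SECURITY_DIR_INDEX:
        # Unlike the other directories, this entry is a raw file offset, not an RVA.
        cert_off, cert_len = struct.unpack_from("<II", data, dd_off + 8 * SECURITY_DIR_INDEX)
    sec_off = opt_off + opt_size
    end = sec_off + 40 * nsections          # never below the end of the section table
    for i in range(nsections):
        _, _, _, raw_size, raw_ptr, *_ = struct.unpack_from("<8sIIIIIIHHI", data, sec_off + 40 * i)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    overlay = data[end:]
    payload = len(overlay)
    if cert_len and cert_off >= end:
        # A signed file always has a non-empty overlay: the certificate table
        # lives there. Only the bytes beyond it count as suspicious overlay.
        payload -= min(cert_len, len(data) - cert_off)
    return OverlayInfo(end, len(overlay), cert_off, cert_len, payload, AU3_MAGIC in overlay)
```

Run overlay_info() over a real file's bytes and look at payload_len: a legitimately signed binary usually reports a non-zero overlay_len but a payload_len of 0. Whether the signature actually validates is a separate step (the PKCS#7 blob must be checked against the image hash, for example with signtool verify or osslsigncode verify); this code only locates it. Note also that compiled AutoIt scripts are not always in the overlay, newer builds store them in a resource, so a missing marker is not evidence against AutoIt.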

How to identify Troj/HkAutoIt-I?

The version resource claims the file is PEMenu.exe from EasyPE (EasyRT menu navigation), but the PE header timestamp (2012-01-29) does not agree with the "Compile Date" string in the version information (28.06.2019), and the Authenticode signature does not validate. Match files against the hashes below; the ssdeep and TLSH values allow fuzzy matching of repacked variants.

File Info:

name: 404122AA3B48B14854F4.mlw
path: /opt/CAPEv2/storage/binaries/eb8a9cd7aa580fc1ebd8d122fa2ecdab7f20d0d4266181ded60f180a05485060
crc32: 8F1FAC3E
md5: 404122aa3b48b14854f4300e82aafd40
sha1: ac4d2c66846790627c6cc3f3bc9ebf73a4c82911
sha256: eb8a9cd7aa580fc1ebd8d122fa2ecdab7f20d0d4266181ded60f180a05485060
sha512: 25912cfec38d657cee0d7cf423fec22d31933c33ef3944dc1aa4d4281a89d0b450add62a6209f391293b714e7995de13540f99dc984413acc960c3cbc4c6479c
ssdeep: 24576:NRmJkcoQricOIQxiZY1TaHzoEjQht0PdQ+:iJZoQrbTFZY1TaHzoEjQhtK6+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18C25AE21B5818035C1B22A71FD7AF77796387C2603629A972FCC3E2BAE705412B75727
sha3_384: c52353af85dce90e85b565fe60a9937b6698f8990f1d1e87b61dfe0b15f6f527906ae4e4acd47ff6f3f22beb2260d501
ep_bytes: e816900000e989feffffcccccccccc55
timestamp: 2012-01-29 21:32:28
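The hashes above are the IOCs most people will actually sweep for. The following is an added example, not code from this page: it computes the same digest set in the same format (lower-case hashes, upper-case CRC32) and walks a directory tree for matches. The md5/sha1/sha256 values are copied from the File Info block; the file written by demo() is constructed test data, not the malware.

```python
import hashlib
import tempfile
import zlib
from pathlib import Path

# Added example, not code from the original page: compute the digest set shown
# in the File Info block and sweep a directory tree for files matching the
# listed hashes. IOC values are copied from the page; the sample file written
# by demo() is constructed and is not the malware.

IOCS = {
    "md5": "404122aa3b48b14854f4300e82aafd40",
    "sha1": "ac4d2c66846790627c6cc3f3bc9ebf73a4c82911",
    "sha256": "eb8a9cd7aa580fc1ebd8d122fa2ecdab7f20d0d4266181ded60f180a05485060",
}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Hex digests in the page's format: lower-case hashes, upper-case 8-digit CRC32."""
    out = {name: hashlib.new(name, data).hexdigest() for name in ALGOS}
    out["crc32"] = f"{zlib.crc32(data):08X}"
    return out


def file_digests(path, chunk_size: int = 1 << 20) -> dict:
    """Same as digests() but streamed, so large files are not read into memory."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    crc = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
            crc = zlib.crc32(block, crc)
    out = {name: h.hexdigest() for name, h in hashers.items()}
    out["crc32"] = f"{crc:08X}"
    return out


def sweep(root, iocs=IOCS) -> list:
    """Return (path, algorithm) pairs for every file whose digest matches an IOC."""
    wanted = {algo: value.lower() for algo, value in iocs.items()}
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        found = file_digests(path)
        for algo, value in wanted.items():
            if found.get(algo) == value:
                hits.append((str(path), algo))
    return hits


def demo() -> list:
    """Write a constructed file and sweep for its own sha256 (no real sample involved)."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.bin"
        sample.write_bytes(b"abc")
        iocs = {"md5": IOCS["md5"], "sha256": digests(b"abc")["sha256"]}
        return sweep(tmp, iocs)
```

Exact hashes only catch this exact file. For the ssdeep and TLSH values listed above you need the third-party ssdeep (python-ssdeep) and py-tlsh packages, which are not part of the standard library and are left out here.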

Version Info:

FileVersion: 6.0.4.420
Comments: EasyRT menu navigation
FileDescription: Main program EasyMenu System
LegalCopyright: (c) B. Zeiser 2008-2019, http://easype.com
Compile Date: 28.06.2019 18:54:26
File Date: 28.06.2019, 18:54:26
ProductVersion: 6.0
Programmname: PEMenu.exe
Made By: (c) B. Zeiser 2008-2019, http://easype.com
OriginalFilename: PEMenu.exe
ProductName: PEMenu
CompanyName: EasyPE
Translation: 0x0809 0x04b0

Troj/HkAutoIt-I is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
AVG: Win32:Malware-gen
MicroWorld-eScan: Trojan.GenericKD.72388463
FireEye: Trojan.GenericKD.72388463
Skyhigh: BehavesLike.Win32.BadFile.dh
McAfee: Artemis!404122AA3B48
Cylance: unsafe
Sangfor: Trojan.Win32.Agent.Vh92
CrowdStrike: win/malicious_confidence_60% (D)
Alibaba: TrojanDropper:AutoIt/HkAutoIt.504b0356
K7GW: Trojan ( 700000111 )
K7AntiVirus: Trojan ( 700000111 )
Symantec: Trojan.Gen.2
Cynet: Malicious (score: 99)
APEX: Malicious
Avast: Win32:Malware-gen
BitDefender: Trojan.GenericKD.72388463
Emsisoft: Trojan.GenericKD.72388463 (B)
F-Secure: Dropper.DR/AutoIt.Gen
VIPRE: Trojan.GenericKD.72388463
Trapmine: malicious.high.ml.score
Sophos: Troj/HkAutoIt-I
Avira: DR/AutoIt.Gen
MAX: malware (ai score=87)
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Trojan.Generic.D4508F6F
GData: Trojan.GenericKD.72388463
Google: Detected
ALYac: Trojan.GenericKD.72388463
VBA32: Trojan.Autoit.Wirus
Malwarebytes: Generic.Malware/Suspicious
Panda: Trj/Chgt.AD
Rising: Trojan.Generic@AI.93 (RDML:aM1nj/F7oHYOp22pxrfNgA)
MaxSecure: Trojan.Autoit.AZA
Fortinet: W32/PossibleThreat
DeepInstinct: MALICIOUS

How to remove Troj/HkAutoIt-I?

Troj/HkAutoIt-I removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a "Standard scan".
  • Choose "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the browser and the options to reset, then click "Reset".
  • Restart your computer.

Because the sample deletes executed files from disk (see the indicators above), the original dropper may already be gone by the time you scan; keep the quarantined items and the hashes listed above for any follow-up investigation.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
