Trojan.Heur.AutoIT.14 (file analysis)

The Trojan.Heur.AutoIT.14 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Heur.AutoIT.14 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Enumerates running processes
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to remove evidence of file being downloaded from the Internet
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify Trojan.Heur.AutoIT.14?

File Info:

name: BE415523E49B511DB198.mlw
path: /opt/CAPEv2/storage/binaries/a6717653f7c15b6be1fbd6757d8fd68ab79f0f0c6bd16a6b10a4be33db9b0f72
crc32: 6B478F1D
md5: be415523e49b511db1982de93cb086f7
sha1: c8546740a1e5074af0ee68de482ea5fbf7bf2d01
sha256: a6717653f7c15b6be1fbd6757d8fd68ab79f0f0c6bd16a6b10a4be33db9b0f72
sha512: e37fada66a335e8f68230510d101f2f14ac0a105d9289acb793c73890a2ce77632caf0f4991518d8cce865973916bff21556ed5a42f64f0733cb68a1cb4f768f
ssdeep: 49152:Kw80NTsjkWaHnpcpvblcpjMaw2bWpCm+uFOV:vLsjk3epREjMawFz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14BB5F11277CDC331CB669173BE6AB3116EBB3C654630B8572E843E7DB930121262DA63
sha3_384: 4070a71bd58bcf50604515d7babbc8d48ba24facdb2a4ad55fe72c42d5d3084f36b08d7db956813e36183143678fde52
ep_bytes: e8b8d00000e97ffeffffcccccccccccc
timestamp: 2016-05-15 16:17:57

Version Info:

Comments: Welders heat
CompanyName: Monoliths mixes
FileDescription: Disers journal
FileVersion: 5.5.5.1
InternalName: discussions.exe
LegalCopyright: © Liters managements
OriginalFilename: discussions.exe
ProductName: Rewards fours
ProductVersion: 5.5.5.1
twirls: ejection
drunkeness: corrosion
abbreviations: discrimination
Translation: 0x0409 0x04b0

Trojan.Heur.AutoIT.14 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.MSIL.Inject.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Heur.AutoIT.14
FireEye: Generic.mg.be415523e49b511d
ALYac: Gen:Trojan.Heur.AutoIT.14
Cylance: Unsafe
Zillya: Trojan.Inject.Win32.195762
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Trojan:MSIL/Inject.428cdf92
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.3e49b5
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: MSIL/Agent.YW
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.MSIL.Inject.elpz
BitDefender: Gen:Trojan.Heur.AutoIT.14
NANO-Antivirus: Trojan.Win32.Dwn.ecsrfa
Avast: FileRepMalware
Tencent: Win32.Trojan.Autoit.Auto
Ad-Aware: Gen:Trojan.Heur.AutoIT.14
TACHYON: Trojan/W32.Inject.2370560
Sophos: Troj/HkAutoIt-J
Comodo: Malware@#27y67tnwcj4bp
DrWeb: Trojan.DownLoader21.44172
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R031C0RGN21
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.vc
Emsisoft: Gen:Trojan.Heur.AutoIT.14 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Trojan.Heur.AutoIT.14
Webroot: W32.Bitcoinminer
Avira: HEUR/AGEN.1100061
Kingsoft: Win32.Troj.Inject.el.(kcloud)
Microsoft: TrojanSpy:MSIL/Omaneat.C
Cynet: Malicious (score: 99)
McAfee: Artemis!BE415523E49B
MAX: malware (ai score=100)
VBA32: Backdoor.MSIL.NanoBot
TrendMicro-HouseCall: TROJ_GEN.R031C0RGN21
Rising: Trojan.Generic@ML.100 (RDML:L4S3zKXVdyDefHiU3FsMjw)
Ikarus: Trojan.MSIL.Agent
eGambit: Unsafe.AI_Score_58%
Fortinet: W32/Inject.ELPZ!tr
BitDefenderTheta: AI:Packer.D0BD99CD19
AVG: FileRepMalware
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.73405155.susgen

How to remove Trojan.Heur.AutoIT.14?

Trojan.Heur.AutoIT.14 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.