Trojan

Should I remove “Trojan.MalPack.AutoIt.Generic”?

Malware Removal

Trojan.MalPack.AutoIt.Generic is a generic detection name for a malicious, packed AutoIt-compiled executable, and most security vendors flag it as dangerous. When this infection is active you may notice unfamiliar processes in Task Manager. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

What can Trojan.MalPack.AutoIt.Generic do?

The sample showed the following behaviour during automated (sandbox) analysis:

  • Executable code extraction
  • Injection (inter-process)
  • Injection (process hollowing)
  • Injection with CreateRemoteThread into a remote process
  • Attempts to connect to a dead IP:port (1 unique time)
  • Creates RWX memory
  • At least one IP address, domain, or file name was found in a crypto call
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to remove evidence of the file being downloaded from the Internet (deletes the Zone.Identifier mark-of-the-web stream)
  • Installs itself for autorun at Windows startup
  • Exhibits behaviour characteristic of the Nanocore RAT
  • Creates a copy of itself
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to identify Trojan.MalPack.AutoIt.Generic?

File Info:

crc32: 4707D4AE
md5: 4d5e215a308dd83915bea7f116b748ef
name: oo.exe
sha1: 7cf0638aa332229efa6e9ebf014257e190620f8a
sha256: af2fed79cbce82f6cf7bd2f09fdae62a996460898a0e52de5f6c516291a0251e
sha512: 5fab87890d5e5711063da4a0a8db4e395c710f61c8770a690008b98ed1ba49b498deeeb8293b1e2beee686bd31958036f1a57353c7342509b84c4259c192e882
ssdeep: 24576:Bu6Jx3O0c+JY5UZ+XC0kGso/WahtXHwjCV8NFgB9biNcPEWY:TI0c++OCvkGsUWah7OQY
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0809 0x04b0 (language ID 0x0809 = English, United Kingdom; code page 0x04b0 = 1200, Unicode)
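The hashes and file type above are the practical way to confirm whether a file you have is the sample described here. The following Python script is an added example, not code from this page or from GridinSoft: it recomputes the listed digests (ssdeep is omitted because it needs a third-party module), parses the PE header to reproduce the "PE32 executable (GUI) Intel 80386" classification, and reports which published indicators match. The file path on the command line is an assumption; when no path is given it runs on a constructed PE header stub that is not the real oo.exe, so no hash will match.

```python
import hashlib
import struct
import sys
import zlib

# Indicators copied from the "File Info" section of this page.
KNOWN_HASHES = {
    "crc32": "4707D4AE",
    "md5": "4d5e215a308dd83915bea7f116b748ef",
    "sha1": "7cf0638aa332229efa6e9ebf014257e190620f8a",
    "sha256": "af2fed79cbce82f6cf7bd2f09fdae62a996460898a0e52de5f6c516291a0251e",
    "sha512": "5fab87890d5e5711063da4a0a8db4e395c710f61c8770a690008b98ed1ba49b498deeeb8293b1e2beee686bd31958036f1a57353c7342509b84c4259c192e882",
}

# IMAGE_FILE_MACHINE_* and IMAGE_SUBSYSTEM_* values from the PE specification.
MACHINES = {0x14C: "Intel 80386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "Aarch64"}
SUBSYSTEMS = {1: "native", 2: "GUI", 3: "console"}


def file_hashes(data: bytes) -> dict:
    """Compute the digests the page lists (crc32 formatted as 8 upper-case hex digits)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matching_indicators(data: bytes) -> list:
    """Names of the published digests this file matches; an empty list means it is not this sample."""
    computed = file_hashes(data)
    return [name for name, value in KNOWN_HASHES.items()
            if computed[name].lower() == value.lower()]


def describe_pe(data: bytes) -> str:
    """Classify a PE header the way `file` does, e.g. 'PE32 executable (GUI) Intel 80386, for MS Windows'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not a PE file (missing MZ header)"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not a PE file (missing PE signature)"
    opt = e_lfanew + 24                     # optional header follows the 20-byte COFF header
    if len(data) < opt + 70:
        return "truncated PE header"
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]   # COFF Machine field
    magic = struct.unpack_from("<H", data, opt)[0]
    pe_type = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, f"unknown magic 0x{magic:X}")
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]    # same offset in PE32 and PE32+
    return (f"{pe_type} executable ({SUBSYSTEMS.get(subsystem, str(subsystem))}) "
            f"{MACHINES.get(machine, f'machine 0x{machine:X}')}, for MS Windows")


def build_stub_pe() -> bytes:
    """Constructed 32-bit GUI PE header (no code, no sections) used as offline sample input.
    It is NOT the real oo.exe, so its digests will not match KNOWN_HASHES."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)  # i386, 224-byte optional header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<H", opt, 68, 2)                 # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def triage(data: bytes) -> dict:
    """One-shot verdict: digests, PE classification and which published IOCs matched."""
    return {"hashes": file_hashes(data), "type": describe_pe(data),
            "matches": matching_indicators(data)}


if __name__ == "__main__":
    # Usage: python triage.py suspicious.exe   (without a path the constructed stub is used)
    sample = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_stub_pe()
    result = triage(sample)
    for algo, digest in result["hashes"].items():
        print(f"{algo:7}: {digest}")
    print("type   :", result["type"])
    print("matches:", result["matches"] or "none (not the sample described on this page)")
```

A hash match is conclusive; a non-match is not, because packed AutoIt droppers are rebuilt frequently and every rebuild changes all of these digests. If the hashes differ but the file is a PE32 GUI binary that shows the injection and autorun behaviour listed above, treat it as the same family and rely on the vendor detections rather than the exact hash.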

Trojan.MalPack.AutoIt.Generic is also known as (vendor: detection name):

  • MicroWorld-eScan: AIT.Cottonmouth.3.Gen
  • FireEye: Generic.mg.4d5e215a308dd839
  • McAfee: Trojan-AitInject.aq
  • Malwarebytes: Trojan.MalPack.AutoIt.Generic
  • BitDefender: AIT.Cottonmouth.3.Gen
  • Cybereason: malicious.aa3322
  • F-Prot: W32/AutoIt.IJ.gen!Eldorado
  • APEX: Malicious
  • GData: AIT.Cottonmouth.3.Gen
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • Rising: Trojan.Obfus/Autoit!1.BD7E (CLASSIC)
  • Endgame: malicious (high confidence)
  • Emsisoft: AIT.Cottonmouth.3.Gen (B)
  • Invincea: heuristic
  • McAfee-GW-Edition: BehavesLike.Win32.Downloader.th
  • Cyren: W32/AutoIt.IJ.gen!Eldorado
  • MAX: malware (ai score=87)
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • Arcabit: AIT.Cottonmouth.3.Gen
  • ZoneAlarm: HEUR:Trojan.Win32.Generic
  • AhnLab-V3: Win-Trojan/Autoinj04.Exp
  • Acronis: suspicious
  • CrowdStrike: win/malicious_confidence_100% (D)
  • Qihoo-360: HEUR/QVM10.1.6FA3.Malware.Gen

Several of these names (AutoIt, AitInject, Autoinj, Obfus/Autoit) point to the same thing: an obfuscated AutoIt script compiled into an executable that injects code into other processes.

How to remove Trojan.MalPack.AutoIt.Generic?

Trojan.MalPack.AutoIt.Generic removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Move all detected items to quarantine.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

Because the sample installs itself for autorun at Windows startup and creates a copy of itself, run a second scan after the restart to confirm that the copy and its startup entry are gone.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.