Ransom Trojan

Trojan-Ransom.Win32.AutoIt.zyx information

Malware Removal

Trojan-Ransom.Win32.AutoIt.zyx is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.AutoIt.zyx virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Attempts to disable UAC
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan-Ransom.Win32.AutoIt.zyx?

File Info:

name: 65397799DA673AF6C4D5.mlw
path: /opt/CAPEv2/storage/binaries/4f5c194544ba062322670014b7c59ad7e8d920c1c6af162bd7caaa9e65a0d997
crc32: 7B71B14F
md5: 65397799da673af6c4d5c832b8f42775
sha1: 29a8b032905ab7848efd3e8633b1b6b5f903c43a
sha256: 4f5c194544ba062322670014b7c59ad7e8d920c1c6af162bd7caaa9e65a0d997
sha512: 28194089eac3a51502d33f6d7ca56146fa7cc092366cf790cf4c8eba83f1514f97f1d7d0218bc1095c91771a097c5262c4cf8a48b95528282c10011420338862
ssdeep: 49152:vJZoQrbTFZY1iaJqSAvChVIB6SHmlpC21CfpcD19p41rMstZh:vtrbTA1lFORGlp8RcDnIMs/h
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T146A50112F5C59076C1B362719D7AF7B95A3C7E3A0326C18B33C83A351EB15526B2A723
sha3_384: ffbdcacc9ce7978a125ef2058cccdaec47da2ebc278e519db6a23239c2e0fdb9d70e0a59a9993b1de33128f736756acf
ep_bytes: e816900000e989feffffcccccccccc55
timestamp: 2012-01-29 21:32:28

Version Info:

FileDescription:
FileVersion: 3, 3, 8, 1
CompiledScript: AutoIt v3 Script: 3, 3, 8, 1
Translation: 0x0809 0x04b0

Trojan-Ransom.Win32.AutoIt.zyx also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.AutoIt.j!c
FireEye: Generic.mg.65397799da673af6
McAfee: Artemis!65397799DA67
Cylance: Unsafe
Alibaba: Ransom:Win32/Generic.805df100
Cyren: W32/AutoIt.CI.gen!Eldorado
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Ransom.Win32.AutoIt.zyx
Comodo: TrojWare.Win32.Injector.EUXI@4yxp37
DrWeb: Trojan.MulDrop9.7892
Jiangmin: RiskTool.BitCoinMiner.aep
Antiy-AVL: Trojan/Generic.ASMalwS.2C7FA7A
Gridinsoft: Ransom.Win32.Gen.sa
VBA32: TrojanRansom.AutoIt
MaxSecure: Trojan.Autoit.AZA
Fortinet: W32/AutoIt.YIJ!tr

How to remove Trojan-Ransom.Win32.AutoIt.zyx?

Trojan-Ransom.Win32.AutoIt.zyx removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.