What is "Trojan.Win32.Autoit.accfw"?

The Trojan.Win32.Autoit.accfw is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Win32.Autoit.accfw virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
Reads data out of its own binary image
Drops a binary and executes it
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Network activity detected but not expressed in API logs
Checks the CPU name from registry, possibly for anti-virtualization
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Trojan.Win32.Autoit.accfw?


File Info:
crc32: 56E0B5DD
md5: 0393e4c334723d1107507ef544f88af2
name: Onekey_2020.exe
sha1: 8be33cd0734f26da915c68a3fa0aa643d8bf9ae9
sha256: 596495dbe43509496fef5ac3fd286110aee52f0f8ad82324e8ab651890193f87
sha512: 7dc6b56620cc2e1963c274fb903c2b3fb5b10e07c57d5338abe456f4e17687315eab8e419b79c6017ac4faedda3fbd407ee298444f3446d784cc4189b612ddd9
ssdeep: 196608:C9Bgv+5sUjWKowkwkDGxmT12PLJuj1s1XcuxapPfWCWgd0UaxW2x7k9:C9Bgm5sa3Dkn2wTuspPfWCRta02x7g
type: MS-DOS executable, MZ for MS-DOS

Version Info:
LegalCopyright: x96e8x6797x6728x98cex88c5x673ax5927x5e08
internalname: ylmf.exe
FileVersion: 3.1.0.0
Comments: x96e8x6797x6728x98cex88c5x673ax5927x5e08
ProductName: x96e8x6797x6728x98cex88c5x673ax5927x5e08
ProductVersion: 3.1.0.0
FileDescription: x96e8x6797x6728x98cex88c5x673ax5927x5e08
OriginalFilename: ylmf.exe
Translation: 0x0804 0x04b0

Trojan.Win32.Autoit.accfw also known as:

Bkav	W32.AIDetectVM.malware
MicroWorld-eScan	Trojan.GenericKD.33461764
CMC	Virus.Win32.Sality!O
McAfee	Artemis!0393E4C33472
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 0055e8911 )
BitDefender	Trojan.GenericKD.33461764
K7GW	Trojan ( 0055e8911 )
TrendMicro	Trojan.Win32.WACATAC.THCOCBO
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Malware-gen
GData	Trojan.GenericKD.33461764
Kaspersky	Trojan.Win32.Autoit.accfw
Alibaba	Trojan:Win32/Autoit.66fb63f5
AegisLab	Trojan.Multi.Generic.4!c
Tencent	Win32.Trojan.Autoit.Eoh
Endgame	malicious (high confidence)
Emsisoft	Trojan.GenericKD.33461764 (B)
F-Secure	Heuristic.HEUR/AGEN.1043842
DrWeb	Trojan.DownLoader33.6201
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Injector.tc
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.0393e4c334723d11
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Autoit
Cyren	W32/Trojan.JHDO-8963
Jiangmin	RiskTool.Miner.fl
Avira	HEUR/AGEN.1043842
MAX	malware (ai score=80)
Arcabit	Trojan.Generic.D1FE9604
ZoneAlarm	Trojan.Win32.Autoit.accfw
Microsoft	Trojan:Win32/Tiggre!rfn
AhnLab-V3	Trojan/Win32.Banload.C1347382
Acronis	suspicious
VBA32	Trojan.Downloader
ALYac	Trojan.GenericKD.33461764
Ad-Aware	Trojan.GenericKD.33461764
Panda	Trj/CI.A
ESET-NOD32	a variant of Win32/Packed.Autoit.NBM suspicious
TrendMicro-HouseCall	Trojan.Win32.WACATAC.THCOCBO
eGambit	Unsafe.AI_Score_100%
Fortinet	Riskware/Autoit
BitDefenderTheta	Gen:NN.ZexaF.34096.@pxaaanp67nj
AVG	Win32:Malware-gen
CrowdStrike	win/malicious_confidence_90% (W)

How to remove Trojan.Win32.Autoit.accfw?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “Trojan.Win32.Autoit.accfw”?