Trojan:AutoIt/CryptInject.J (file analysis)

The Trojan:AutoIt/CryptInject.J is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:AutoIt/CryptInject.J virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

waityourmoney.tk

How to identify Trojan:AutoIt/CryptInject.J?

File Info:

crc32: 8A3B507F
md5: 1a204c710e98066cdb3297fe5c21e9c8
name: 1A204C710E98066CDB3297FE5C21E9C8.mlw
sha1: fef3eda316942b527ebd8015544ce21f83924465
sha256: a50a64c7362ee64e408d199fa119dd97618a129c73458d8c8337dadb368b040c
sha512: 73bef4f80c883abe417f98c7d1fa537f3afbb2f2f773f20f3b9c0b7ab76a0e76d8cbf3358ea7a774182e112fc56389d4a2dbe071580d558143f8fec15568d6c6
ssdeep: 24576:WCdxte/80jYLT3U1jfsWatQJpeGouKkuDRtRA47vtyVlTQq:fw80cTsjkWaq3o5DRN77q
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: aadcloudap
FileVersion: 704.261.245.758
CompanyName: powershell
ProductName: AppxStreamingDataSourcePS
ProductVersion: 557.257.657.960
FileDescription: ttdinject
OriginalFilename: EhStorAuthn.exe
Translation: 0x0409 0x04b0

Trojan:AutoIt/CryptInject.J also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 005457d81 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.26375
Cynet: Malicious (score: 99)
ALYac: Trojan.GenericKD.31539819
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanPSW:AutoIt/Azorult.73cba9af
K7GW: Trojan ( 005457d81 )
Cybereason: malicious.10e980
ESET-NOD32: multiple detections
APEX: Malicious
Avast: AutoIt:Kryptik-B [Trj]
Kaspersky: Trojan-PSW.Win32.Azorult.eig
BitDefender: Trojan.GenericKD.31539819
NANO-Antivirus: Trojan.Win32.Encoder.fmcvun
MicroWorld-eScan: Trojan.GenericKD.31539819
Tencent: Win32.Trojan.Falsesign.Dxmu
Ad-Aware: Trojan.GenericKD.31539819
Sophos: ML/PE-A + Mal/AuItInj-A
Comodo: Malware@#1xb38yms0rhe6
BitDefenderTheta: AI:Packer.0FD1478917
TrendMicro: Trojan.AutoIt.CRYPTINJECT.SMA
FireEye: Trojan.GenericKD.31539819
Emsisoft: Trojan.GenericKD.31539819 (B)
Webroot: W32.Trojan.Gen
Avira: DR/AutoIt.Gen8
Microsoft: Trojan:AutoIt/CryptInject.J
GData: Trojan.GenericKD.31539819
AhnLab-V3: Trojan/Win32.Injector.C2926652
McAfee: Artemis!1A204C710E98
MAX: malware (ai score=86)
Malwarebytes: Malware.AI.828741100
Panda: Trj/CI.A
TrendMicro-HouseCall: Trojan.AutoIt.CRYPTINJECT.SMA
Ikarus: Trojan.Autoit
MaxSecure: Trojan.Malware.74065239.susgen
Fortinet: AutoIt/Injector.ODG!tr
AVG: AutoIt:Kryptik-B [Trj]
Paloalto: generic.ml

How to remove Trojan:AutoIt/CryptInject.J?

Trojan:AutoIt/CryptInject.J removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.