TrojanDropper:AutoIt/Pistolar!pz (file analysis)

The TrojanDropper:AutoIt/Pistolar!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What TrojanDropper:AutoIt/Pistolar!pz virus can do?

Sample contains Overlay data
Authenticode signature is invalid
CAPE detected the shellcode get eip malware family

How to determine TrojanDropper:AutoIt/Pistolar!pz?


File Info:
name: 1CB7CAE94B0314542CDD.mlw
path: /opt/CAPEv2/storage/binaries/e2cbd76a45bd3cbbed87d625b696dba4971b1438537a59fb38ff586de8b4c152
crc32: 33E2C99F
md5: 1cb7cae94b0314542cdd9ec78e098335
sha1: 53b1e69b3048fa3072be2fc17820d762a395f6ed
sha256: e2cbd76a45bd3cbbed87d625b696dba4971b1438537a59fb38ff586de8b4c152
sha512: e7ae32f14fe853903f401758f6bb210861df0346a466dd66ec3b97be43acb674a18ef41151ffe59fe57212cef1982d46b0531a65ea022d95d00ec1633f72d268
ssdeep: 24576:LRmJkcoQricOIQxiZY1dRmJkcoQricOIQxiZY1WNy:IJZoQrbTFZY1SJZoQrbTFZY1WNy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E835A021F9858076C2A323B19E7EF76AAA3D55370326D2D727C82D315EA05817B3D723
sha3_384: e69de5f3008d324df8332f88dfb86e5c0fbfacd626725e56116d30d182ffb691af0896476309c26469d19a5aa8209807
ep_bytes: e816900000e989feffffcccccccccc55
timestamp: 2012-01-29 21:32:28

Version Info:
0: [No Data]

TrojanDropper:AutoIt/Pistolar!pz also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Autoit.4!c
FireEye	Generic.mg.1cb7cae94b031454
CAT-QuickHeal	TrojanDropper.Pistolar
Skyhigh	BehavesLike.Win32.Generic.th
McAfee	Artemis!1CB7CAE94B03
Cylance	unsafe
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	TrojanDropper:AutoIt/Pistolar.1498527a
K7GW	Trojan ( 700000111 )
K7AntiVirus	Trojan ( 700000111 )
BitDefenderTheta	Gen:NN.ZexaF.36744.drZ@aCcXuZp
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
APEX	Malicious
Cynet	Malicious (score: 100)
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S (PUA)
Ikarus	Trojan.Agent
Google	Detected
Microsoft	TrojanDropper:AutoIt/Pistolar!pz
Varist	W32/Autoit.VM.gen!Eldorado
VBA32	Trojan.Autoit
Malwarebytes	Generic.Malware.AI.DDS
TrendMicro-HouseCall	TROJ_GEN.R03BH01AT24
Rising	Trojan.Generic@AI.99 (RDMK:Z+SmA+E3MK7ufD8sFbjztQ)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Autoit.AZA
Fortinet	W32/Agent.DALT!tr
DeepInstinct	MALICIOUS

How to remove TrojanDropper:AutoIt/Pistolar!pz?

TrojanDropper:AutoIt/Pistolar!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X