Categories: Trojan

TrojanDropper:Win32/Pistolar!pz (file analysis)

The TrojanDropper:Win32/Pistolar!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What TrojanDropper:Win32/Pistolar!pz virus can do?

Sample contains Overlay data
Reads data out of its own binary image
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
Attempts to masquerade or mimic a legitimate process or file name
Attempts to modify Explorer settings to prevent file extensions from being displayed
Attempts to modify Explorer settings to prevent hidden files from being displayed
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine TrojanDropper:Win32/Pistolar!pz?


File Info:
name: C67EEF3313DFE14722E6.mlwpath: /opt/CAPEv2/storage/binaries/a7bde239a0d998f83fae6985d2702b2ecc75f512779b2258252894290dc8174dcrc32: 70B1D41Emd5: c67eef3313dfe14722e62b7986878405sha1: ba98cc8d2c40a785aaa4f3df5914fef20691782csha256: a7bde239a0d998f83fae6985d2702b2ecc75f512779b2258252894290dc8174dsha512: 6569863188bbf07325be30a898abb3e3c5019ace2f6a00ca2ea68e5c5d3701a78de027633946f871ae319f75f984bd9c4bec3131826ee42bde0a73bc6fe3f005ssdeep: 12288:q6Wq4aaE6KwyF5L0Y2D1PqLy6Wq4aaE6KwyF5LU:IthEVaPqLwthEEtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1599412EF72A8B512D87C12B2EA430292C1B0767567FCDB7BB01075171C9F1006EAAB9Dsha3_384: dd153fbfdc4f2ace8e34c6cef12e5e07e1e323236b45e0cf7d279a94708452850cbdfc460afb74fb355f1f8eea04f3deep_bytes: 60be007047008dbe00a0f8ff57eb0b90timestamp: 2012-01-29 22:49:21
Version Info:
FileDescription: FileVersion: 3, 3, 8, 1CompiledScript: AutoIt v3 Script: 3, 3, 8, 1Translation: 0x0809 0x04b0

TrojanDropper:Win32/Pistolar!pz also known as:

Bkav	W32.AIDetectMalware
MicroWorld-eScan	Trojan.Generic.8121236
FireEye	Generic.mg.c67eef3313dfe147
CAT-QuickHeal	Trojan.AutoIt.Pistolar.A
Skyhigh	BehavesLike.Win32.Spyware.gc
McAfee	Autoit.Dropper.gen.a
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	Trojan.Generic.8121236
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 700000111 )
K7GW	Trojan ( 700000111 )
Cybereason	malicious.d2c40a
Baidu	AutoIt.Worm.Agent.a
VirIT	Trojan.Win32.Autoit.ES
Symantec	W32.SillyFDC
Elastic	malicious (moderate confidence)
ESET-NOD32	Win32/Autoit.HZ
APEX	Malicious
ClamAV	Win.Malware.Autoit-6981134-0
Kaspersky	Trojan.Win32.Autoit.blz
BitDefender	Trojan.Generic.8121236
NANO-Antivirus	Trojan.Script.AutoIt.dbycns
Avast	AutoIt:Agent-DP [Trj]
Sophos	W32/AutoIt-QA
F-Secure	Trojan.TR/Dropper.Gen
DrWeb	BackDoor.IRC.Bot.3238
Zillya	Trojan.AutoIT.Win32.152520
Emsisoft	Trojan.Generic.8121236 (B)
Ikarus	Worm.Win32.AutoIt
GData	Trojan.Generic.8121236
Jiangmin	Trojan.MSIL.Zapchast.ag
Google	Detected
Avira	TR/Dropper.Gen
Varist	W32/AutoIt.WG.gen!Eldorado
Antiy-AVL	Trojan/Win32.Graftor.fu
Kingsoft	malware.kb.b.963
Xcitium	TrojWare.Win32.Autoit.n@4p0xzq
Arcabit	Trojan.Generic.D7BEB94
ZoneAlarm	Trojan.Win32.Autoit.blz
Microsoft	TrojanDropper:Win32/Pistolar!pz
Cynet	Malicious (score: 100)
AhnLab-V3	Win-Trojan/Autoit.305824
BitDefenderTheta	AI:Packer.05DA809615
ALYac	Trojan.Generic.8121236
MAX	malware (ai score=89)
VBA32	Worm.Autoit.Rush
Cylance	unsafe
Panda	Trj/Autoit.gen
Rising	Dropper.Pistolar/Autoit!1.A603 (CLASSIC)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Graftor.FU!tr
AVG	AutoIt:Agent-DP [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)