What is “Trojan:Win32/AutoitShellInj!MTB”?

Trojan:Win32/AutoitShellInj!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/AutoitShellInj!MTB virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Compression (or decompression)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Steals private information from local Internet browsers
  • Exhibits behavior characteristic of iSpy Keylogger
  • Installs itself for autorun at Windows startup
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Creates a slightly modified copy of itself
  • Anomalous binary characteristics

How to identify Trojan:Win32/AutoitShellInj!MTB?

File Info:

crc32: 560C9F73
md5: f0dd5b1e49dffc85ea9256aca3aedb2a
name: F0DD5B1E49DFFC85EA9256ACA3AEDB2A.mlw
sha1: 44b5c651f8133f7bfe4962a115763c8430b20ded
sha256: 6137e168ddcf675b921e6a62a58712fb9c0a2fefd55e865c4c648bbfe91af491
sha512: 4bb10d90c37039c71c37acc4d10794549308576f307068a057ef86fa23e7efc3e1f5ad3a68de1482a4e1409ebac99a298afe566ccfe6e3e45daa53e07577c25a
ssdeep: 24576:2AHnh+eWsN3skA4RV1Hom2KXMmHazye7H9ZCZPs27w25ah9n5U:Rh+ZkldoPK8YazycH9e027aNU
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0809 0x04b0

Trojan:Win32/AutoitShellInj!MTB also known as:

  • Bkav: W32.AIDetectVM.malware1
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Strictor.196032
  • FireEye: Generic.mg.f0dd5b1e49dffc85
  • CAT-QuickHeal: Trojan.Autoit
  • McAfee: Artemis!F0DD5B1E49DF
  • Cylance: Unsafe
  • VIPRE: Trojan.Win32.Generic!BT
  • AegisLab: Hacktool.Win32.Gamehack.3!e
  • Sangfor: Malware
  • K7AntiVirus: Trojan ( 700000111 )
  • BitDefender: Gen:Variant.Strictor.196032
  • K7GW: Trojan ( 700000111 )
  • Cybereason: malicious.e49dff
  • Cyren: W32/AutoIt.QF.gen!Eldorado
  • Symantec: Trojan.Gen.MBT
  • APEX: Malicious
  • Avast: AutoIt:Injector-JF [Trj]
  • ClamAV: Win.Malware.Autoit-6989300-0
  • Kaspersky: HEUR:Trojan.Script.Generic
  • Alibaba: Trojan:Win32/runner.ali1000123
  • Tencent: Win32.Trojan.Ad.Eddt
  • Ad-Aware: Gen:Variant.Strictor.196032
  • Emsisoft: Gen:Variant.Strictor.196032 (B)
  • Comodo: Malware@#3px07rc1b15p4
  • F-Secure: Heuristic.HEUR/AGEN.1100085
  • DrWeb: Trojan.PWS.Siggen2.16724
  • TrendMicro: TROJ_GEN.R002C0DAH21
  • McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.tc
  • Sophos: Mal/Generic-R + Mal/AuItInj-A
  • Avira: HEUR/AGEN.1100085
  • Antiy-AVL: GrayWare/Autoit.ShellCode.a
  • Microsoft: Trojan:Win32/AutoitShellInj!MTB
  • Arcabit: Trojan.Strictor.D2FDC0
  • ZoneAlarm: HEUR:Trojan.Script.Generic
  • GData: Gen:Variant.Strictor.196032
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win32.RL_Sonbokli.R285617
  • BitDefenderTheta: AI:Packer.EAB0307417
  • ALYac: Gen:Variant.Strictor.196032
  • TACHYON: Trojan/W32.Agent.1868848
  • VBA32: Backdoor.Androm
  • Malwarebytes: Generic.Trojan.Malicious.DDS
  • Panda: Trj/Genetic.gen
  • ESET-NOD32: a variant of Win32/Injector.Autoit.DZU
  • TrendMicro-HouseCall: TROJ_GEN.R002C0DAH21
  • Rising: Trojan.Injector/Autoit!1.BB82 (CLASSIC)
  • MAX: malware (ai score=83)
  • eGambit: Unsafe.AI_Score_98%
  • Fortinet: AutoIt/Injector.DZH!tr
  • AVG: AutoIt:Injector-JF [Trj]
  • Paloalto: generic.ml
  • CrowdStrike: win/malicious_confidence_80% (D)
  • Qihoo-360: Generic/Trojan.Script.ed4

How to remove Trojan:Win32/AutoitShellInj!MTB?

Trojan:Win32/AutoitShellInj!MTB removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.