Categories: Malware

Win32/Injector.Autoit.EDR removal instruction

The Win32/Injector.Autoit.EDR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.Autoit.EDR virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Presents an Authenticode digital signature
Creates RWX memory
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Executed a process and injected code into it, probably while unpacking
Behavioural detection: Injection (inter-process)
Created a process from a suspicious location
CAPE detected the Azorult malware family
Attempts to modify proxy settings
Collects information to fingerprint the system
Anomalous binary characteristics

How to determine Win32/Injector.Autoit.EDR?


File Info:
name: 95466FBD9506CD6F0AAE.mlwpath: /opt/CAPEv2/storage/binaries/6469ac0211b47fa319f886688d53908eb047a2b5849eb481d0a1f2c954129b22crc32: 89805BBEmd5: 95466fbd9506cd6f0aae06fe014246fesha1: fd614acce5532365a6cb5c33af59e05190eb25acsha256: 6469ac0211b47fa319f886688d53908eb047a2b5849eb481d0a1f2c954129b22sha512: 6e6ea8b081c06dc9a8d3261d174416943d03946a89d503f893ba8de760aea5b4214dfd543b9709c4efa84b620c49a5383d31d7c71e62a303167ef3cfcbfaf85fssdeep: 24576:xAHnh+eWsN3skA4RV1Hom2KXMmHa9geAvIJ0LM/Zkg+DRQrKOODBnZz5U:Ih+ZkldoPK8Ya9gRIJ00enRUtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T12265DF0263E1C036FFAB92739B6AB21196BD79650133852F23981DBDBD701B1273D663sha3_384: 008f0849221904ab12adeab3619d51adaae63eadaf540607076f93432255e00e8d857a0817ce55d3a3c9c19603d0da1cep_bytes: e8c8d00000e97ffeffffcccccccccccctimestamp: 2019-07-21 19:08:49
Version Info:
Translation: 0x0809 0x04b0

Win32/Injector.Autoit.EDR also known as:

Lionic	Hacktool.Win32.Gamehack.3!e
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Stealer.24943
FireEye	Generic.mg.95466fbd9506cd6f
ALYac	Trojan.GenericKD.32175385
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Trojan ( 005530ca1 )
Alibaba	TrojanPSW:Win32/Coins.0e04ba48
K7GW	Trojan ( 005530ca1 )
Cybereason	malicious.d9506c
BitDefenderTheta	AI:Packer.66D8DEC917
Symantec	Infostealer
ESET-NOD32	a variant of Win32/Injector.Autoit.EDR
TrendMicro-HouseCall	Backdoor.AutoIt.BLADABINDI.SMA.hp
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	Trojan-PSW.Win32.Coins.tsb
BitDefender	Trojan.GenericKD.32175385
NANO-Antivirus	Trojan.Win32.Coins.ftxtco
MicroWorld-eScan	Trojan.GenericKD.32175385
Avast	Win32:Malware-gen
Tencent	Win32.Trojan.Autoit.Auto
Ad-Aware	Trojan.GenericKD.32175385
Emsisoft	Trojan.GenericKD.32175385 (B)
Comodo	Malware@#t1vy1sav1nle
TrendMicro	Backdoor.AutoIt.BLADABINDI.SMA.hp
McAfee-GW-Edition	Trojan-AitInject.aq
Sophos	Mal/Generic-S + Mal/AuItInj-A
Ikarus	Trojan.Autoit
GData	Trojan.GenericKD.32175385
Webroot	W32.Trojan.Gen
Avira	HEUR/AGEN.1245814
MAX	malware (ai score=88)
Antiy-AVL	GrayWare/Autoit.RunPE.a
ZoneAlarm	Trojan-PSW.Win32.Coins.tsb
Microsoft	Trojan:Win32/AutoitInject.BH!MTB
AhnLab-V3	Win-Trojan/Autoinj03.Exp
McAfee	Artemis!95466FBD9506
VBA32	TrojanPSW.Coins
APEX	Malicious
Rising	Trojan.Obfus/Autoit!1.BB81 (CLASSIC)
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	AutoIt/Injector.EDR!tr
AVG	Win32:Malware-gen
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_100% (W)