Malware

Win32/Injector.Autoit.EHG (file analysis)

Malware Removal

The Win32/Injector.Autoit.EHG is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Win32/Injector.Autoit.EHG virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • CAPE detected the AgentTesla malware family
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to determine Win32/Injector.Autoit.EHG?


File Info:

name: B970D7424DC74BB59B97.mlw
path: /opt/CAPEv2/storage/binaries/4240b4bbb07d0294f970d29f6f0b36b524c32094747199e0b7e5a27575c0dd17
crc32: 1AD216B3
md5: b970d7424dc74bb59b973ae1c1efb449
sha1: 44ccfb21a1fa9f8dacaf7fd85dc350f033f0e1bf
sha256: 4240b4bbb07d0294f970d29f6f0b36b524c32094747199e0b7e5a27575c0dd17
sha512: 45e1694845969c0e2d64db46e179124c5cc9ea8d64cc91cae36282eb70053e18b69fc6e7d8450d2845b910ee7f125e292a959a3c4c38dde2841469d7432db750
ssdeep: 24576:A/AHnh+eWsN3skA4RV1Hom2KXMmHanXxWIAr75oAQ+NT30YCQ6a55:Aih+ZkldoPK8YaM4b+NT30YjT5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12645BE02B3D1D032FFAB92739B6AB20556BDB9258137852F13981DB9BD701B1273D263
sha3_384: 3ecd27d09913a8ed6fd531ee0ecc80c3abcbb276536b1fe97d286646431b63331742be374463379c512c8f1a08c234f8
ep_bytes: e8c8d00000e97ffeffffcccccccccccc
timestamp: 2019-09-13 08:51:51

Version Info:

Translation: 0x0809 0x04b0

Win32/Injector.Autoit.EHG also known as:

BkavW32.AIDetect.malware1
DrWebTrojan.PWS.Siggen2.30629
MicroWorld-eScanTrojan.GenericKD.32453848
FireEyeGeneric.mg.b970d7424dc74bb5
CAT-QuickHealTrojan.AutoIt.Injector.ZZ
McAfeeTrojan-AitInject.aq
CylanceUnsafe
K7AntiVirusTrojan ( 00557b631 )
K7GWTrojan ( 00557b631 )
CrowdStrikewin/malicious_confidence_80% (D)
CyrenW32/AutoIt.NX.gen!Eldorado
SymantecPacked.Generic.548
ESET-NOD32a variant of Win32/Injector.Autoit.EHG
TrendMicro-HouseCallBackdoor.AutoIt.BLADABINDI.SMA.hp
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderTrojan.GenericKD.32453848
AvastAutoIt:Dropper-DL [Trj]
Ad-AwareTrojan.GenericKD.32453848
EmsisoftTrojan.GenericKD.32453848 (B)
VIPRETrojan.Win32.Generic!BT
TrendMicroBackdoor.AutoIt.BLADABINDI.SMA.hp
McAfee-GW-EditionBehavesLike.Win32.TrojanAitInject.tc
SophosGeneric ML PUA (PUA)
GDataTrojan.GenericKD.32453848
eGambitUnsafe.AI_Score_98%
AviraDR/AutoIt.Gen8
MAXmalware (ai score=87)
MicrosoftTrojan:Win32/Sabsik.FL.B!ml
CynetMalicious (score: 100)
AhnLab-V3Win-Trojan/Autoinj02.Exp
VBA32Trojan.AutoitInject
ALYacTrojan.GenericKD.32453848
MalwarebytesMachineLearning/Anomalous.97%
APEXMalicious
RisingTrojan.Injector/Autoit!1.BB82 (CLASSIC)
IkarusTrojan.Autoit
MaxSecureTrojan.Malware.300983.susgen
FortinetAutoIt/Injector.EIC!tr
AVGAutoIt:Dropper-DL [Trj]
Cybereasonmalicious.24dc74
PandaTrj/Genetic.gen

How to remove Win32/Injector.Autoit.EHG?

Win32/Injector.Autoit.EHG removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment