Categories: Malware

How to remove “Win32/Injector.Autoit.ESL”?

The Win32/Injector.Autoit.ESL is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.Autoit.ESL virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Injection with CreateRemoteThread in a remote process
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
A process attempted to delay the analysis task.
At least one IP Address, Domain, or File Name was found in a crypto call
Reads data out of its own binary image
A process created a hidden window
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Executed a process and injected code into it, probably while unpacking
Attempts to remove evidence of file being downloaded from the Internet
Installs itself for autorun at Windows startup
Exhibits behavior characteristic of Nanocore RAT
Collects information to fingerprint the system

Related domains:

34112r.rapiddns.ru

smartcoonect.duckdns.org

How to determine Win32/Injector.Autoit.ESL?


File Info:
crc32: 7D3C40DDmd5: 7ae4f9e46d8483c645d120cf10464537name: tasksmgr.exesha1: a3b5bc0f2df348685ff9fb411062d791af8d7f8esha256: e1ec40574ab5929b5ae73ae4e395326d1081cd344f1ea819159bfb9133e34f37sha512: 4f46dbce9b90d180f077c559ba6b9bd4360f02673186ea018017114f5d6749c5b168548ccc34feec34a4ca59767a9cfc36cbed088130c1fde996a17bf99ced26ssdeep: 24576:Eu6Jx3O0c+JY5UZ+XC0kGso/WaX6Nj1SRH8rcSEouxGTP7k1PWY:+I0c++OCvkGsUWaXyj09qOotL7dYtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
Translation: 0x0809 0x04b0

Win32/Injector.Autoit.ESL also known as:

FireEye	Generic.mg.7ae4f9e46d8483c6
McAfee	Trojan-AitInject.aq
Malwarebytes	Trojan.MalPack.AutoIt
Cybereason	malicious.f2df34
Kaspersky	HEUR:Trojan.Script.Generic
Rising	Trojan.Obfus/Autoit!1.C045 (CLASSIC)
Endgame	malicious (high confidence)
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Downloader.tc
Trapmine	malicious.moderate.ml.score
APEX	Malicious
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	HEUR:Trojan.Script.Generic
ESET-NOD32	a variant of Win32/Injector.Autoit.ESL
Ikarus	Trojan.Autoit
Fortinet	AutoIt/Injector.ERP!tr