Categories: Malware

About “Win32/Injector.Autoit.ETZ” infection

The Win32/Injector.Autoit.ETZ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.Autoit.ETZ virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
A process attempted to delay the analysis task.
Attempts to connect to a dead IP:Port (254 unique times)
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Attempts to repeatedly call a single API many times in order to delay analysis time
Steals private information from local Internet browsers
Installs itself for autorun at Windows startup
Exhibits possible ransomware file modification behavior
Creates a hidden or system file
Likely virus infection of existing system binary
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Win32/Injector.Autoit.ETZ?


File Info:
crc32: 12FCFF5Emd5: d79cb1a0ba156cf97cc8c67b76e269f9name: rvcccvcghfvc.exesha1: 659a57580ea7c9800e7226715cfcfc300a464a33sha256: 0810f1e1b014228476c9a7f91d4202686d7509234ffa18cd43bf000336825eb3sha512: e715f1a32d2ddc550cee84cd6a8d60addd4a63abba47c5ead1a39a9ef81f012b73864acfa859383b2bb9a167651ced295f8c2671378b088c0fcc77b0f71cdaaassdeep: 24576:Au6J33O0c+JY5UZ+XC0kGso6FasvPQdIIRWY:qu0c++OCvkGs9FaQPwcYtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
Translation: 0x0809 0x04b0

Win32/Injector.Autoit.ETZ also known as:

MicroWorld-eScan	Trojan.GenericKD.32868527
FireEye	Trojan.GenericKD.32868527
McAfee	Artemis!D79CB1A0BA15
ALYac	Trojan.Ransom.Crysis
Cylance	Unsafe
AegisLab	Trojan.Multi.Generic.4!c
BitDefender	Trojan.GenericKD.32868527
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.80ea7c
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Injector.Autoit.ETZ
GData	Trojan.GenericKD.32868527
Kaspersky	Trojan.Win32.Swisyn.ftzp
ViRobot	Trojan.Win32.Z.Highconfidence.1093632
Endgame	malicious (high confidence)
Emsisoft	Trojan.GenericKD.32868527 (B)
McAfee-GW-Edition	BehavesLike.Win32.Downloader.tc
Trapmine	malicious.high.ml.score
APEX	Malicious
Cyren	W32/Trojan.HMGX-0976
MaxSecure	Trojan.Malware.300983.susgen
Arcabit	Trojan.Generic.D1F588AF
AhnLab-V3	Win-Trojan/Autoinj05.Exp
ZoneAlarm	Trojan.Win32.Swisyn.ftzp
Microsoft	Trojan:Win32/Wacatac.B!ml
MAX	malware (ai score=81)
Ad-Aware	Trojan.GenericKD.32868527
Malwarebytes	Ransom.Phobos
Yandex	Trojan.AvsArher.bSQb5x
Ikarus	Win32.Outbreak
Fortinet	AutoIt/Injector.ETT!tr
AVG	FileRepMalware
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_80% (W)
Qihoo-360	Win32/Trojan.f30