Categories: Malware

Win32/Injector.Autoit.PY (file analysis)

The Win32/Injector.Autoit.PY is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.Autoit.PY virus can do?

Sample contains Overlay data
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
CAPE detected the embedded win api malware family
Binary file triggered YARA rule
CAPE detected injection into a browser process, likely for Man-In-Browser (MITB) infostealing
Creates a copy of itself
Anomalous binary characteristics
Yara detections observed in process dumps, payloads or dropped files

How to determine Win32/Injector.Autoit.PY?


File Info:
name: B97354991D2594B888EE.mlwpath: /opt/CAPEv2/storage/binaries/c6c18bff1a66fd3f16f870faf7d0e880db0356d17f859e08edd8ba0c71ebf925crc32: B2AFD605md5: b97354991d2594b888eee3a7bc946e70sha1: 59efad7d0a90a2341be9393023bdd6e100d44763sha256: c6c18bff1a66fd3f16f870faf7d0e880db0356d17f859e08edd8ba0c71ebf925sha512: 24c6de995a3b81aebd951c85fec24015c1c8585a72542e85d480e80e028c363eb610b8df2ff476cc9350108c3c927655385c95ceb29eab4938daca82ca409c3fssdeep: 24576:8RmJkcoQricOIQxiZY1iakjrvgxH7nZOjdcA/fjAOeY9C7:pJZoQrbTFZY1iaKrvgbycU27type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T12545E122F5D69076C2F323B19E7EF76A9A3D65260336D29727C82D311EA04416B39733sha3_384: 9eb48caa844ed412ee803e5be853b0c644669af9432d9aa39bd8b85a6e0dd82e83f01056dca93db5aa216ee1f9d04321ep_bytes: e816900000e989feffffcccccccccc55timestamp: 2012-01-29 21:32:28
Version Info:
FileDescription: FileVersion: 3, 3, 8, 1CompiledScript: AutoIt v3 Script: 3, 3, 8, 1Translation: 0x0809 0x04b0

Win32/Injector.Autoit.PY also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Autoit.m4uX
tehtris	Generic.Malware
MicroWorld-eScan	Trojan.GenericKD.2677014
Skyhigh	BehavesLike.Win32.Dropper.tc
McAfee	Artemis!B97354991D25
Malwarebytes	Generic.Malware/Suspicious
Zillya	Worm.AutoIt.Win32.14372
Sangfor	Worm.Win32.Autoit.Vm8f
K7AntiVirus	Trojan ( 0055e3991 )
Alibaba	Trojan:Win32/Autoit.ali2000008
K7GW	Trojan ( 0055e3991 )
VirIT	Trojan.Win32.Generic.CAYG
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Injector.Autoit.PY
APEX	Malicious
TrendMicro-HouseCall	TROJ_GEN.R002C0GC824
Paloalto	generic.ml
Kaspersky	Email-Worm.Win32.AutoIt.c
BitDefender	Trojan.GenericKD.2677014
NANO-Antivirus	Trojan.Win32.AutoIt.dvszmp
Avast	Win32:Malware-gen
Tencent	Win32.Worm-Email.Autoit.Azlw
Emsisoft	Trojan.GenericKD.2677014 (B)
F-Secure	Heuristic.HEUR/AGEN.1321784
DrWeb	Trojan.DownLoader16.12797
VIPRE	Trojan.GenericKD.2677014
TrendMicro	TROJ_GEN.R002C0GC824
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.b97354991d2594b8
Sophos	Mal/Generic-S
Ikarus	Trojan.Script
Jiangmin	Worm.AutoIt.aj
Google	Detected
Avira	HEUR/AGEN.1321784
Kingsoft	Win32.Troj.Undef.a
Microsoft	Worm:Win32/Xtrat.B
Arcabit	Trojan.Generic.D28D916
ZoneAlarm	Email-Worm.Win32.AutoIt.c
GData	Trojan.GenericKD.2677014
Cynet	Malicious (score: 100)
ALYac	Trojan.GenericKD.2677014
MAX	malware (ai score=100)
VBA32	Trojan.Autoit.Paket
Cylance	unsafe
Panda	Trj/CI.A
MaxSecure	Trojan.Autoit.AZA
Fortinet	W32/AutoIt.C@mm
AVG	Win32:Malware-gen
DeepInstinct	MALICIOUS
alibabacloud	Worm[email]:Win/AutoIt.PY