Categories: Malware

Win32/Packed.AutoIt.C information

The Win32/Packed.AutoIt.C is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Packed.AutoIt.C virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
Enumerates running processes
Expresses interest in specific running processes
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Behavioural detection: Injection (Process Hollowing)
Executed a process and injected code into it, probably while unpacking
Code injection with CreateRemoteThread in a remote process
Deletes its original binary from disk
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
Created a process from a suspicious location
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

wpad.local-net

How to determine Win32/Packed.AutoIt.C?


File Info:
name: F0F16748C909E926ABFF.mlwpath: /opt/CAPEv2/storage/binaries/b18cffe0ad8cd39c7af4aeafa7d573ca7f4bdea5771e7cfe26b5c6f70ba6bb7bcrc32: 05AB25BCmd5: f0f16748c909e926abff0f6ce9a3e629sha1: 27aaca5984a94eb41aac913d6411f553fdee3f65sha256: b18cffe0ad8cd39c7af4aeafa7d573ca7f4bdea5771e7cfe26b5c6f70ba6bb7bsha512: b10df0ee3f1f2f761200a8ac3a7b47a85e33cd5fc2cbf11343e05c2c2d8171e05481deecb31baae5cf45e4cf9ad9aa4f7159381706f377dfc5351a2e6b94d288ssdeep: 12288:ETWzgMg7+3qnCiMErQohh0F4GCJ8lny5QLP1EK3Zs+d7hPhtr4MweikSn:CaHM+6Corjmny5QLdEI71Phlutype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1AA05C052B7D680B6D9A339712A7BE32BEB3575194333C48B97E01E778F211009B3A761sha3_384: 7819c3af8bee24f56e150393d0fb23fc94ace73b061e13b3de5bb2fa12e8e01128e04ed24d76126193f9440da0897998ep_bytes: e8a7c00000e979feffffcccccccccccctimestamp: 2010-04-16 07:47:33
Version Info:
FileDescription: FileVersion: 3, 3, 6, 1CompiledScript: AutoIt v3 Script: 3, 3, 6, 1Translation: 0x0809 0x04b0

Win32/Packed.AutoIt.C also known as:

Lionic	Trojan.Win32.Chifrax.4!c
MicroWorld-eScan	Trojan.GenericKD.37273037
FireEye	Generic.mg.f0f16748c909e926
ALYac	Trojan.GenericKD.37273037
Cylance	Unsafe
Zillya	Trojan.Chifrax.Win32.3352
K7AntiVirus	Trojan ( 700000111 )
Alibaba	TrojanPSW:Win32/Chifrax.04c02e39
K7GW	Trojan ( 700000111 )
Cybereason	malicious.984a94
Symantec	Trojan.Gen.MBT
ESET-NOD32	Win32/Packed.AutoIt.C
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Trojan.Win32.Chifrax.dij
BitDefender	Trojan.GenericKD.37273037
NANO-Antivirus	Trojan.Win32.Chifrax.bopunc
Avast	Win32:Zbot-QLU [Trj]
Tencent	Win32.Trojan.Chifrax.Edwz
Ad-Aware	Trojan.GenericKD.37273037
Sophos	Mal/Generic-S
Comodo	Malware@#4wrymc9de21j
DrWeb	BackDoor.Tordev.8
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_GEN.R002C0DGL21
McAfee-GW-Edition	BehavesLike.Win32.Dropper.cc
Emsisoft	Trojan.GenericKD.37273037 (B)
GData	Trojan.GenericKD.37273037
Jiangmin	Trojan/Chifrax.eug
Webroot	W32.InfoStealer.Zeus
Avira	TR/Dropper.Gen
MAX	malware (ai score=80)
Antiy-AVL	Trojan/Generic.ASMalwS.133C4E
Kingsoft	Win32.Troj.Zbot.ir.(kcloud)
Microsoft	PWS:Win32/Zbot
Cynet	Malicious (score: 100)
AhnLab-V3	Spyware/Win32.Zbot.R52068
McAfee	Artemis!F0F16748C909
VBA32	Trojan.Chifrax
Malwarebytes	Malware.AI.40783939
TrendMicro-HouseCall	TROJ_GEN.R002C0DGL21
Ikarus	Trojan.Win32.Chifrax
Fortinet	W32/Zbot.IREE!tr
AVG	Win32:Zbot-QLU [Trj]
Panda	Trj/Autoit.gen
CrowdStrike	win/malicious_confidence_100% (W)