Malware

Win32/Packed.Autoit.NAR suspicious information

Malware Removal

The Win32/Packed.Autoit.NAR suspicious detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Packed.Autoit.NAR suspicious virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Polish
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Behavioural detection: Transacted Hollowing
  • Network activity contains more than one unique useragent.
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Accessed credential storage registry keys
  • Harvests cookies for information gathering

How to identify Win32/Packed.Autoit.NAR suspicious?

File Info:

name: A90D8F57AEA289560F28.mlw
path: /opt/CAPEv2/storage/binaries/03a650871313f311c770adcc898db48ef2bfa7cd435d3c6419c4b39691c53599
crc32: CFDDBA24
md5: a90d8f57aea289560f28792472668f77
sha1: 8ea47b7b9a09b0e7544f0be234028b723a1ec74d
sha256: 03a650871313f311c770adcc898db48ef2bfa7cd435d3c6419c4b39691c53599
sha512: 5b1675ecfd4730dac3876fb5263e6d6110553460b435f5227a0dfe37c6e097e4020d0c6a31758281a35c4e9e42a29865543404b7590a16f0111be2fce7b0a94f
ssdeep: 24576:nAHnh+eWsN3skA4RV1Hom2KXMmHa/HkElXgrkM1k9yqanMHOx1ek3T5:ah+ZkldoPK8Ya/tlXSkM18fawO1l
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11C659F01A35BF03DEFDED9336E2565316B7B14182A2EF05E535C9E64FAB01A0A2DD312
sha3_384: dc4897b55e79ce18690e70222464fadc016ca95b79baeeae5dcebd3a27d36dfb3a39fed6553e967debab0dce0a80184a
ep_bytes: e8c8d00000e97ffeffffcccccccccccc
timestamp: 2019-04-20 19:37:20

Version Info:

FileDescription: basecsp
CompanyName: RAVBg64
LegalCopyright: forfiles
ProductName: PresentationSettings
Translation: 0x0409 0x04b0

Win32/Packed.Autoit.NAR suspicious is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Hacktool.Win32.Gamehack.3!e
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.41222708
ALYac: Trojan.GenericKD.41222708
Malwarebytes: MachineLearning/Anomalous.94%
VIPRE: Trojan.Win32.Generic!BT
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Trojan ( 0054a3321 )
K7AntiVirus: Trojan ( 0054a3321 )
VirIT: Trojan.Win32.Dnldr28.HSG
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Packed.Autoit.NAR suspicious
APEX: Malicious
Paloalto: generic.ml
Alibaba: Trojan:Win32/Starter.ali2000005
NANO-Antivirus: Trojan.Win32.Autoruns.fpkwvq
ViRobot: Trojan.Win32.Z.Miner.1437184
Ad-Aware: Trojan.GenericKD.41222708
Emsisoft: Trojan.GenericKD.41222708 (B)
Comodo: Malware@#320elb7d0a16j
DrWeb: Trojan.DownLoader28.5206
TrendMicro: TROJ_GEN.R002C0RKQ21
Ikarus: Trojan.Win32.Autoit
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1245533
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/CoinMiner.C!rfn
AhnLab-V3: Win-Trojan/AutoInj.Exp
McAfee: Artemis!A90D8F57AEA2
VBA32: Trojan.Autoit.F
Panda: Trj/CI.A
Tencent: Win64.Trojan.Miner.Lkxh
MaxSecure: Win.MxResIcn.Heur.Gen
Fortinet: Riskware/Application
AVG: FileRepMalware
Avast: FileRepMalware

How to remove Win32/Packed.Autoit.NAR suspicious?

Win32/Packed.Autoit.NAR suspicious removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.