Categories: Malware

Win32/Packed.Autoit.NAV suspicious information

The Win32/Packed.Autoit.NAV suspicious is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Packed.Autoit.NAV suspicious virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Anomalous file deletion behavior detected (10+)
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Deletes its original binary from disk
Attempts to modify proxy settings
Creates a copy of itself
Harvests cookies for information gathering
Creates Qulab/MASAD information stealer mutexes

How to determine Win32/Packed.Autoit.NAV suspicious?


File Info:
name: E61D3D2AD68F1083EF48.mlwpath: /opt/CAPEv2/storage/binaries/21cb2da138ba0359ec49fc47305fc06f4995ea09e5c6f8d5c2640ee1494185efcrc32: CB8D7F66md5: e61d3d2ad68f1083ef48fbd240ec5a0asha1: a4b24809cd7aa67321cf29be7e6b5f31b212b569sha256: 21cb2da138ba0359ec49fc47305fc06f4995ea09e5c6f8d5c2640ee1494185efsha512: 2a188e75166d722ce3b8b9924f4e8a47d31a6499f788efce17ec1909428279c35f659c0b0ef6002936ed1697e8a3752d13bc16e2e2f5a3c975765ab7b6fb2b27ssdeep: 49152:7h+ZkldoPK8Yac8zhTlwO5uRPLv7YeSY886fynFkzOhFYg0NNT+lxkGvfMEnuzK:k2cPK8Bz/wwutD7tBFkGUTJGv0E6type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1FFF5120273E6D032FFAB92739B2AB20556BD7C654523952F13982D79BC701B2173E623sha3_384: a4f28065d37dfe6198f1c19c1d17c5a0ffceff9a69db681230dab283a1281ebb55df8b01ff6acfa8cfc260399840986aep_bytes: e8c8d00000e97ffeffffcccccccccccctimestamp: 2022-05-07 13:26:49
Version Info:
Comments: eh4pwCoAsZRzZ6tp9roVieq1ZU68Rens7ArxKlzZKpzGGHqVRGxqmyoIWNGCeadrpoCompanyName: Библиотека диспетчера логических дисковFileDescription: Внутренняя служба рабочих процессов печати Microsoft WindowsFileVersion: 5.8.3.5InternalName: ttdinject.exeOriginalFilename: ttdinject.exeProductVersion: 5.8.3.5Translation: 0x0809 0x04b0

Win32/Packed.Autoit.NAV suspicious also known as:

Bkav	W32.AIDetect.malware2
Cynet	Malicious (score: 100)
Sangfor	Virus.Win32.Save.a
K7GW	Trojan ( 700000111 )
K7AntiVirus	Trojan ( 700000111 )
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Autoit.NAV suspicious
APEX	Malicious
ClamAV	Win.Packed.Autoit-9820618-0
Kaspersky	HEUR:Trojan-PSW.Win32.Masqulab.b
BitDefender	Gen:Trojan.Heur.AutoIT.17Ex0@amuFF8oi
MicroWorld-eScan	Gen:Trojan.Heur.AutoIT.17Ex0@amuFF8oi
Ad-Aware	Gen:Trojan.Heur.AutoIT.17Ex0@amuFF8oi
Sophos	Generic ML PUA (PUA)
F-Secure	Heuristic.HEUR/AGEN.1245819
DrWeb	Trojan.PWS.Stealer.27517
TrendMicro	Trojan.Win32.CRYPTINJECT.SMB
McAfee-GW-Edition	BehavesLike.Win32.Generic.wc
FireEye	Generic.mg.e61d3d2ad68f1083
Emsisoft	Gen:Trojan.Heur.AutoIT.17Ex0@amuFF8oi (B)
GData	Gen:Trojan.Heur.AutoIT.17Ex0@amuFF8oi
Avira	HEUR/AGEN.1245819
MAX	malware (ai score=81)
Arcabit	Trojan.Heur.AutoIT.E33E82
ZoneAlarm	HEUR:Trojan-PSW.Win32.Masqulab.b
Microsoft	Trojan:Win32/Sabsik.TE.B!ml
ALYac	Gen:Trojan.Heur.AutoIT.17Ex0@amuFF8oi
VBA32	Trojan.Autoit.F
Malwarebytes	Trojan.Qulab.AutoIt
TrendMicro-HouseCall	Trojan.Win32.CRYPTINJECT.SMB
Rising	Trojan.Obfus/Autoit!1.BD86 (CLASSIC)
Ikarus	Trojan.Win32.Autoit
Fortinet	AutoIt/Packed.OH!tr
Cybereason	malicious.ad68f1