Win64/Packed.Autoit.E removal

Win64/Packed.Autoit.E is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win64/Packed.Autoit.E virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to identify Win64/Packed.Autoit.E?

File Info:

name: B51C19F4BA49BB0EAAD2.mlw
path: /opt/CAPEv2/storage/binaries/cfac6ca6d3b0f26f42c6abad934ca134c5ece1b22cddfc94865a51d8ad4987cb
crc32: 02F6F258
md5: b51c19f4ba49bb0eaad211b3ed72d0f9
sha1: bbf9efde8c435195a4d0e55e3d8c5879cc300d41
sha256: cfac6ca6d3b0f26f42c6abad934ca134c5ece1b22cddfc94865a51d8ad4987cb
sha512: f2f0646521f2060bc71b2968eda371c35802c676ee54c924dc32ffc38571c30ad6cc6a160a8ad5e4d55b6b08049dfd7dcc81ab38fe5727dec0a20e7c9cec6a2c
ssdeep: 196608:7bQVn+3ueWMhUlFRliRkjr9FdqUZl6/p:HQV++wm7qkj3dqZp
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1DD76239933E442E9FEB7E037CA12C607C6B1788A4277872F01A05AB66F33771591E751
sha3_384: a4bfbb05d37783eeb294fa4f86ddf4aedb731b4c9e11aa8b02e4cac0b91d799117be83096bd24e929aaa2f6e6c5fd796
ep_bytes: 4883ec28e8bfb300004883c428e936fe
timestamp: 2020-11-25 11:44:47

Version Info:

Translation: 0x0809 0x04b0

Win64/Packed.Autoit.E also known as:

Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
McAfee: Packed-FYT!B51C19F4BA49
Malwarebytes: Trojan.BitCoinMiner.AutoIt
BitDefender: AIT:Trojan.Agent.EWPS
Cyren: W64/AutoIt.UH.gen!Eldorado
ESET-NOD32: a variant of Win64/Packed.Autoit.E
APEX: Malicious
Kaspersky: Trojan.Win32.Miner.bde
MicroWorld-eScan: AIT:Trojan.Agent.EWPS
Avast: BV:Mykings-S [Trj]
Ad-Aware: AIT:Trojan.Agent.EWPS
Emsisoft: AIT:Trojan.Agent.EWPS (B)
F-Secure: Heuristic.HEUR/AGEN.1100152
McAfee-GW-Edition: BehavesLike.Win64.Generic.wc
FireEye: Generic.mg.b51c19f4ba49bb0e
Sophos: Generic ML PUA (PUA)
Ikarus: Trojan.Win64.Autoit
Avira: HEUR/AGEN.1100152
MAX: malware (ai score=88)
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Arcabit: AIT:Trojan.Agent.EWPS
GData: AIT:Trojan.Agent.EWPS
AhnLab-V3: CoinMiner/AU3.Generic.S1299
ALYac: AIT:Trojan.Agent.EWPS
Fortinet: AutoIt/Miner.BDE!tr
AVG: BV:Mykings-S [Trj]
Cybereason: malicious.4ba49b
MaxSecure: Trojan.Malware.300983.susgen

How to remove Win64/Packed.Autoit.E?

Win64/Packed.Autoit.E removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
