AutoIt3.exe

AutoIt v3 Script

AutoIt Team

The executable AutoIt3.exe has been detected as malware by 14 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name 'AdopeFlash'. The file is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download.
Publisher:
AutoIt Team

Product:
AutoIt v3 Script

Version:
3, 3, 8, 1

MD5:
c6b7625e1cb8ed84e962bdef387e75db

SHA-1:
3b032105ebf3c948998e6609651b67ca96d6c3af

SHA-256:
2ab8977fda8089b32a0dbb74969648175e4f52072e2a80e8c3406e209446c554

Scanner detections:
14 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/19/2024 1:56:45 PM UTC

Scan engine              Detection                 Engine version
Lavasoft Ad-Aware        Win32.Sality.3            5813571
Avira AntiVirus          W32/Sality.AG             7.11.30.172
avast!                   Win32:Kukacka             160118-1
AVG                      Win32/Sality              2015.0.4477
Dr.Web                   Win32.Sector.30           9.0.1.05190
Emsisoft Anti-Malware    Win32.Sality              10.0.0.5366
ESET NOD32               Win32/Sality.NBA virus    7.0.302.0
F-Prot                   W32/Sality.gen2           4.6.5.141
F-Secure                 Win32.Sality.3            5.15.21
Kaspersky                Virus.Win32.Sality        15.0.0.562
McAfee                   Virus.W32/Sality.gen.z    18.0.204.0
Norman                   Win32.Sality.3            11.01.2016 17:30:26
Sophos                   Virus 'Mal/Sality-D'      5.22
VIPRE Antivirus          Threat.4721115            46800

File size:
808.7 KB (828,144 bytes)

Product version:
3, 3, 8, 1

Copyright:
©1999-2012 Jonathan Bennett & AutoIt Team

Original file name:
AutoIt3.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

File PE Metadata
Compilation timestamp:
1/29/2012 11:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:9BzZm7d7AZAYJVB7ii/XAvKxRJBnwvogSJ4M4G4auLzzV+XMhN5DGDySj022:3cNeJVBvXAvwRJdwvZ5auLl+XyN5DGF2

Entry address:
0x164E1

Entry point:
60, F7, C0, D8, 5F, AB, A5, 87, D9, F6, C7, 22, 68, 60, EE, 90, 00, 0F, B7, E9, 69, E8, E9, 70, EB, 22, F6, C7, 37, 8A, EA, BE, 00, 00, 00, 00, 88, E2, FF, C5, F2, F2, 45, BD, 82, 0A, D4, 24, 81, C6, F4, 59, F3, FF, 8B, C6, C7, C0, 59, 7F, 69, 16, 81, C6, 0D, A6, 0C, 00, 69, D6, AA, 7C, 9A, 02, 15, 31, 35, FA, 1F, 19, D5, 0F, BE, FA, 81, FE, 83, 09, 00, 00, 0F, 86, C4, FF, FF, FF, B9, 42, BF, 96, 84, 12, D1, 84, D6, F2, 80, EC, 8B, E8, 67, 00, 00, 00, 32, C4, 1C, 63, C6, C0, DC, 85, ED, 3B, ED, 73, 0A, C7...

Entropy:
6.9210

Code size:
513.5 KB (525,824 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AdopeFlash

Command:
C:\google\autoit3.exe \autoit3executescript C:\google\googleupdate.a3x

Remove AutoIt3.exe - Powered by Reason Core Security