Win32/AHK [Threat Name]

Win32/AHK.X [Threat Variant Name]

Category: trojan
Size: 334848 B
Detection created: Jun 10, 2013
Detection database version: 8433
Aliases: Trojan.Win32.Scar.hohp (Kaspersky), Trojan:AutoIt/Kilim.A (Microsoft)

Short description

Win32/AHK.X is a trojan that tries to download other malware from the Internet. The file is run-time compressed using UPX.

Installation

When executed, the trojan copies itself into the following location:

  • %appdatadrive%\Windows\AdobeFlash\%originalmalwarefilename%

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    • "AdobeFlashUpdateManager" = "%appdatadrive%\Windows\AdobeFlash\%originalmalwarefilename%"

The trojan creates the following files:

  • %temp%\tempOne.dat (30 B)
  • %windir%\AdobeFlash\update.xml

Other information

The trojan acquires data and commands from a remote computer or the Internet. It contains a URL address and uses the HTTP protocol. It tries to download a file from the Internet.

The file is stored in the following location:

  • %windir%\AdobeFlash\%variable%

A string with variable content is used instead of %variable%.


The following Registry entry is set:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]
    • "1" = "%variable%;%appdatadrive%\Windows\AdobeFlash\update.xml"

The following programs are terminated:

  • Chrome.exe
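
An added example, not part of the original description or of any vendor tooling: a Python check that scans `reg export` text for the two registry indicators described above, the "AdobeFlashUpdateManager" Run value and a force-installed Chrome extension whose update source is the dropped update.xml. The sample export, the extension IDs and the assumption that both %appdatadrive%\Windows and %windir% resolve to a `\Windows\` directory are constructed for illustration.

```python
import re

# Constructed sample in `reg export` text form (not taken from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeFlashUpdateManager"="C:\\Windows\\AdobeFlash\\setup.exe"
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]
"1"="abcdefghijklmnopabcdefghijklmnop;C:\\Windows\\AdobeFlash\\update.xml"
"2"="ponmlkjihgfedcbaponmlkjihgfedcba;https://clients2.google.com/service/update2/crx"
'''

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run".lower()
FORCELIST_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist".lower()
# Assumption: the drop directory always appears as ...\Windows\AdobeFlash\ once expanded.
DROP_DIR = "\\windows\\adobeflash\\"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data escapes backslashes and quotes with a leading backslash.
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Yield (key, value_name, data) for every REG_SZ value in reg-export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def find_indicators(text):
    hits = []
    for key, name, data in parse_reg(text):
        # 32-bit writes on 64-bit Windows can be redirected under WOW6432Node.
        k = key.lower().replace("\\wow6432node", "")
        if k == RUN_KEY and name.lower() == "adobeflashupdatemanager" and DROP_DIR in data.lower():
            hits.append(("run-key persistence", name, data))
        elif k == FORCELIST_KEY:
            ext_id, _, source = data.partition(";")
            # A legitimate forcelist entry names an update URL, not a local XML file.
            if source.lower().endswith(DROP_DIR + "update.xml"):
                hits.append(("forced Chrome extension", ext_id, source))
    return hits
```

Files written by regedit's export are UTF-16 encoded, so decode them (for example `open(path, encoding="utf-16").read()`) before passing the text to `find_indicators`.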
