Win32/Injector.Autoit.HW [Threat Name] go to Threat

Win32/Injector.Autoit.HW [Threat Variant Name]

Category trojan
Size 677769 B
Detection created Apr 05, 2013
Detection database version 8199
Aliases Trojan.Win32.Autoit.bag (Kaspersky)
Short description

Win32/Injector.Autoit.HW is a trojan that installs Win32/CoinMiner.CA malware.

Installation

When executed, the trojan copies itself into the following location:

  • %appdata%\­%variable%.exe

A string with variable content is used instead of %variable% .


In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "%variable%" = "%appdata%\­%variable%.exe"
Other information

The trojan contains the program code of the following malware:

  • Win32/CoinMiner.CA

The following programs are terminated:

  • taskmgr.exe

The trojan runs the following process:

  • taskmgr.exe -t 1 -g no -o http://minin%removed%7 -u 15p86j%removed% -p x%removed%

The trojan creates and runs a new thread with its own code within these running processes.


The trojan uses the hardware resources of the infected computer for mining the Bitcoin digital currency.

Please enable Javascript to ensure correct displaying of this content and refresh this page.