Content

AutoHotKey

Type
Program
SubType
Win32
Discovery Date
05/21/2007
Length
Minimum DAT
5035 (05/21/2007)
Updated DAT
5342 (07/18/2008)
Minimum Engine
5.1.00
Description Added
05/21/2007
Description Modified
07/14/2008 1:58 AM (PT)
Risk Assessment
Corporate User
N/A
Home User
N/A

Tab Navigation

Characteristics

AutoHotKey is a script language for Microsoft Windows allowing a user to automate basic actions like accessing files, modifying the registry, launching applications or downloading files. It also allows to define new keyboard and mouse shortcuts.

AutoHotKey scripts can be run on systems where the AutoHotKey interpreter is installed or compiled as standalone binaries.
 
Malicious programs generated with AutoHotKey are generally compiled as standalone binaries, allowing them to run even if the AutoHotKey interpreter is not installed.

AutoHotkey compiled binaries are always packed, allowing to hide malicious code, and making them potentially undesirable in corporate environments.

Such binaries are likely to have a size greater than 200KB.

Several worms written in the AutoHotKey language have been seen in the wild.

Symptoms

Method of Infection

Removal

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

Variants

    N/A

All Information

Overview -

Characteristics

Characteristics -

AutoHotKey is a script language for Microsoft Windows allowing a user to automate basic actions like accessing files, modifying the registry, launching applications or downloading files. It also allows to define new keyboard and mouse shortcuts.

AutoHotKey scripts can be run on systems where the AutoHotKey interpreter is installed or compiled as standalone binaries.
 
Malicious programs generated with AutoHotKey are generally compiled as standalone binaries, allowing them to run even if the AutoHotKey interpreter is not installed.

AutoHotkey compiled binaries are always packed, allowing to hide malicious code, and making them potentially undesirable in corporate environments.

Such binaries are likely to have a size greater than 200KB.

Several worms written in the AutoHotKey language have been seen in the wild.

Symptoms

Symptoms -

Method of Infection

Method of Infection -

Removal -

Removal -

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

Variants -

    N/A