Trojan.Dropper.EKS (file analysis)

Trojan.Dropper.EKS is classified as dangerous by many security vendors. While the infection is active, you may notice unfamiliar processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

What Trojan.Dropper.EKS virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the embedded win api malware family
  • Created a service that was not started
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Dropper.EKS?

File Info:

name: CE439F829BDA58CCEC07.mlw
path: /opt/CAPEv2/storage/binaries/fcc3ddb5ae637cafd5a772eafcb542829bbeaebc0957e5f1fa2f1e2f4d6d5e6b
crc32: 3CA38F51
md5: ce439f829bda58ccec07ded19c4cb395
sha1: 67792c054ae05a110da309fd7c7ca885900fb9e4
sha256: fcc3ddb5ae637cafd5a772eafcb542829bbeaebc0957e5f1fa2f1e2f4d6d5e6b
sha512: 4246a43c41e0bc8a15d33e5e10cf06876bd70350e0227f2491ef3496bb1397a5d0e8a8d505a4121459ad98419c60a58ec5f9a40aab372ea5a20a1d6c4ef965d3
ssdeep: 196608:pJkq2Ksz1dswbJrD3Bn69Rgt2WycnKnsadSTes4dD:T4Ke8wNBn8Rgt+cnKsasTehdD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17086330AE0AD493EC62A3A305F13415250B3BF411B72709CB68D99FB1BFABF496C5761
sha3_384: 52b9f56fa92874332f27e91a7bf4441c46ff097bc5f7076011103e47f403ba0f823c6f866d62162a8f0c54e3948f16b9
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 2023-12-23 16:46:54

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: STDDataManage Setup
FileVersion:
LegalCopyright:
ProductName: STDDataManage
ProductVersion: 1.2.2.3
Translation: 0x0000 0x04b0

Trojan.Dropper.EKS also known as:

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Ekstak.4!c
  • MicroWorld-eScan: Trojan.Generic.34630403
  • FireEye: Trojan.Generic.34630403
  • Skyhigh: BehavesLike.Win32.ObfuscatedPoly.wc
  • ALYac: Trojan.Generic.34630403
  • Malwarebytes: Trojan.Dropper.EKS
  • Zillya: Trojan.Ekstak.Win32.76378
  • Sangfor: Dropper.Win32.Ekstak.Vt00
  • K7AntiVirus: Trojan ( 005722f11 )
  • Alibaba: TrojanDropper:Win32/Ekstak.d2a20ee0
  • K7GW: Trojan ( 005722f11 )
  • Symantec: Trojan.Gen.MBT
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
  • Cynet: Malicious (score: 100)
  • APEX: Malicious
  • Kaspersky: Trojan.Win32.Ekstak.asynz
  • BitDefender: Trojan.Generic.34630403
  • Avast: Other:Malware-gen [Trj]
  • Tencent: Win32.Trojan.Ekstak.Zfow
  • F-Secure: Trojan.TR/Drop.Agent.jnmwf
  • DrWeb: Trojan.Siggen22.49978
  • VIPRE: Trojan.Generic.34630403
  • TrendMicro: TROJ_GEN.R002C0DAF24
  • Sophos: Mal/Generic-S
  • Ikarus: Trojan-Dropper.Win32.Agent
  • Avira: TR/Drop.Agent.jnmwf
  • Kingsoft: Win32.Trojan.Ekstak.asynz
  • Arcabit: Trojan.Generic.D2106B03
  • ViRobot: Trojan.Win.Z.Agent.8129559.DX
  • ZoneAlarm: Trojan.Win32.Ekstak.asynz
  • GData: Trojan.Generic.34630403
  • Varist: W32/Agent.SUWR-8531
  • AhnLab-V3: Trojan/Win.Malware-gen.C5566514
  • MAX: malware (ai score=84)
  • Cylance: unsafe
  • TrendMicro-HouseCall: TROJ_GEN.R002C0DAF24
  • MaxSecure: Trojan.Malware.221808987.susgen
  • Fortinet: W32/Agent.SLC!tr
  • AVG: Other:Malware-gen [Trj]
  • Panda: Trj/Genetic.gen

How to remove Trojan.Dropper.EKS?

Trojan.Dropper.EKS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.