Trojan.EkstakPMF.S16919571 (file analysis)

The Trojan.EkstakPMF.S16919571 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.EkstakPMF.S16919571 virus can do?

Unconventionial language used in binary resources: Russian
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Trojan.EkstakPMF.S16919571?


File Info:
name: BF8B6CB16D86EFFCFAB9.mlw
path: /opt/CAPEv2/storage/binaries/025b5e278f29c960a0b81609fb1a9ccbf944c18e428bfbb482daeca324921512
crc32: BDD0CA77
md5: bf8b6cb16d86effcfab96854d1fe74a0
sha1: bfb65a3110eecdfd939aaba1114886ed0cec8778
sha256: 025b5e278f29c960a0b81609fb1a9ccbf944c18e428bfbb482daeca324921512
sha512: 56c53c7a40dd6114b62a0b6198f1fb3ae1b57e30af7af4bf4540c3b259190470ddd5e5b59c7fbd6af63b07bb25d8bf23ede69a0373bd326204d50e6d204ae56e
ssdeep: 98304:CqDYfRpNi3gFIs84CXAeprTDcvoUED5RwGJe:CLRp44CTdT4QUED8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T196F501636490C1B2D0D6A636D52BACF573722D9FE510A8BF99BD7D907EBE143E00A403
sha3_384: 07f14ae1b7ded06d9f68ba1de1d94dcf50ae0f5d8ec73167d4ef5417f00d28258721d64404bdaa87345fde4ed61857ab
ep_bytes: 558bec6aff689034640068302d640064
timestamp: 2020-11-15 02:44:17

Version Info:
0: [No Data]

Trojan.EkstakPMF.S16919571 also known as:

Bkav	W32.AIDetect.malware1
Lionic	Trojan.Win32.Ekstak.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Zadved.1661
MicroWorld-eScan	Trojan.GenericKDZ.71408
FireEye	Generic.mg.bf8b6cb16d86effc
CAT-QuickHeal	Trojan.EkstakPMF.S16919571
ALYac	Trojan.GenericKDZ.71408
Malwarebytes	Adware.DownloadAssistant
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (W)
Alibaba	Trojan:Win32/Ekstak.c1edb51f
K7GW	Trojan ( 0056252b1 )
K7AntiVirus	Trojan ( 0056252b1 )
BitDefenderTheta	Gen:NN.ZexaE.34182.CBW@aC3qnWkk
Cyren	W32/Kryptik.CKH.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HAYM
ClamAV	Win.Packed.Generic-9794132-0
Kaspersky	HEUR:Trojan.Win32.Ekstak.vho
BitDefender	Trojan.GenericKDZ.71408
NANO-Antivirus	Trojan.Win32.Ekstak.icgpwr
Avast	Win32:AdwareX-gen [Adw]
Comodo	Malware@#1ohtmx0lyrwv7
Zillya	Trojan.Kryptik.Win32.2656145
SentinelOne	Static AI – Malicious PE
Emsisoft	Trojan.GenericKDZ.71408 (B)
Ikarus	Trojan.Win32.Crypt
Jiangmin	Trojan.Ekstak.bnue
Avira	HEUR/AGEN.1207516
Antiy-AVL	Trojan/Generic.ASMalwS.3100235
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	HEUR:Trojan-Downloader.Win32.Razy.gen
GData	Trojan.GenericKDZ.71408
Cynet	Malicious (score: 100)
AhnLab-V3	PUP/Win32.DownloadAssistant.R355659
VBA32	BScope.Trojan.Ekstak
APEX	Malicious
Rising	Trojan.Kryptik!1.AA23 (CLOUD)
MAX	malware (ai score=89)
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.GZFR!tr
AVG	Win32:AdwareX-gen [Adw]
Cybereason	malicious.16d86e
Panda	Trj/Genetic.gen

How to remove Trojan.EkstakPMF.S16919571?

Trojan.EkstakPMF.S16919571 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X