Should I remove “Trojan.Win32.Ekstak.abisc”?

Trojan.Win32.Ekstak.abisc is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.abisc virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Win32.Ekstak.abisc?

File Info:

name: E27148B72E67686B635E.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2009-12-05 22:50:46

Version Info:

FileVersion: 400.1.1002.0
ProductName: WebPlugin 400.1.1002.0
ProductVersion: 400.1.1002.0
Translation: 0x0000 0x0000

Trojan.Win32.Ekstak.abisc also known as:

Lionic: Trojan.Win32.Ekstak.4!c
MicroWorld-eScan: Trojan.GenericKD.63413972
FireEye: Trojan.GenericKD.63413972
McAfee: Artemis!E27148B72E67
Zillya: Trojan.Ekstak.Win32.57424
Sangfor: Trojan.Win32.Ekstak.Vnh0
Alibaba: Trojan:Win32/Ekstak.b29f4490
Cybereason: malicious.72e676
BitDefenderTheta: Gen:NN.ZedlaF.36318.pm8fa0Zc@ddi
APEX: Malicious
Kaspersky: Trojan.Win32.Ekstak.abisc
BitDefender: Trojan.GenericKD.63413972
Avast: FileRepMalware [Misc]
Emsisoft: Trojan.GenericKD.63413972 (B)
VIPRE: Trojan.GenericKD.63413972
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vc
Sophos: Mal/Generic-S
GData: Trojan.GenericKD.63413972
Jiangmin: Trojan.Ekstak.ayny
MAX: malware (ai score=85)
Xcitium: TrojWare.Win32.TrojanDownloader.Dadobra.~JH9@1qlqpa
Arcabit: Trojan.Generic.D3C79ED4
ZoneAlarm: Trojan.Win32.Ekstak.abisc
ALYac: Trojan.GenericKD.63413972
Cylance: unsafe
TrendMicro-HouseCall: TROJ_GEN.R002H09GS23
Rising: Trojan.Ekstak!8.EB77 (CLOUD)
Yandex: Trojan.Ekstak!PpK0WHMIjF8
AVG: FileRepMalware [Misc]
DeepInstinct: MALICIOUS
CrowdStrike: win/grayware_confidence_60% (D)

How to remove Trojan.Win32.Ekstak.abisc?

Trojan.Win32.Ekstak.abisc removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
