About “Trojan.Win32.Ekstak.ahfet” infection

The Trojan.Win32.Ekstak.ahfet is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.ahfet virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Sniffs keystrokes
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Exhibits possible ransomware file modification behavior
  • Attempts to identify installed AV products by installation directory

Related domains:

opengolad.com

How to identify Trojan.Win32.Ekstak.ahfet?

File Info:

name: FCC291EE33DA916C9F52.mlw
path: /opt/CAPEv2/storage/binaries/c06242a8bdbddb369fe29baf9cdb74f8c7f74a24af99d7eea9a7de829c5df834
crc32: 303A2904
md5: fcc291ee33da916c9f525b24aa99e719
sha1: 57b35fc63a12ff04279642e60881d53c1d117fef
sha256: c06242a8bdbddb369fe29baf9cdb74f8c7f74a24af99d7eea9a7de829c5df834
sha512: a007c235abb3f47e80133947621872bce5b8464eda202d36378ef47c2e43ec5ce46b3c6f4ef53885d7984fcb550b521724f872abae09ab1a8b7ac2319ec23604
ssdeep: 196608:dygLe5SO5lpaJ6nrGt3TV6Epn+vD7YDlPHTyX/8Enr:dy/Ds6nKtx9pn+vDAFHTyX0cr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T199B6233FB2A8653ED56B4B3246B3A3605977BA61691BCC1E07F0090CDF269701F3E616
sha3_384: 7789e79f3718d6543996867045d521f257f429e681e93352f3b8fae03dc97fdb019e97d98b70d40683b694b6e8a86502
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2020-05-21 05:56:23

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: TSX Software, LLC
FileDescription: Er Player Setup
FileVersion: 0.0.0.0
LegalCopyright:
OriginalFileName:
ProductName: Er Player
ProductVersion: 1.5.3.35
Translation: 0x0000 0x04b0

Trojan.Win32.Ekstak.ahfet is also known as (vendor: detection name):

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.35099598
FireEye: Trojan.GenericKD.35099598
McAfee: Artemis!FCC291EE33DA
Cylance: Unsafe
Sangfor: Trojan.Win32.Wacatac.C
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: TrojanDropper:Win32/Ekstak.dfc0d054
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.e33da9
Cyren: W32/Agent.CWL.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Ekstak.ahfet
BitDefender: Trojan.GenericKD.35099598
NANO-Antivirus: Trojan.Win32.Ekstak.icykcv
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Ekstak.Ehhq
Ad-Aware: Trojan.GenericKD.35099598
Emsisoft: Trojan.GenericKD.35099598 (B)
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vc
Sophos: Mal/Generic-S
GData: Trojan.GenericKD.35099598
Avira: HEUR/AGEN.1144245
Arcabit: Trojan.Generic.D21793CE
Microsoft: Trojan:Win32/Bluteal!rfn
Cynet: Malicious (score: 99)
VBA32: Trojan.Ekstak
ALYac: Trojan.GenericKD.35099598
MAX: malware (ai score=86)
Malwarebytes: Adware.DownloadAssistant
Yandex: Trojan.Ekstak!7l5zAnEAqlg
Ikarus: Trojan-Dropper.Win32.Agent
Fortinet: W32/Agent.SLC!tr
Webroot: W32.Adware.Gen
AVG: Win32:Trojan-gen
Panda: Trj/CI.A

How to remove Trojan.Win32.Ekstak.ahfet?

Trojan.Win32.Ekstak.ahfet removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.