
Trojan.Win32.Ekstak.ahtnw (file analysis)


Trojan.Win32.Ekstak.ahtnw is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Trojan.Win32.Ekstak.ahtnw virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to identify installed AV products by installation directory

How to identify Trojan.Win32.Ekstak.ahtnw?

File Info:

name: 4F3722883D0D70EFAECC.mlw
path: /opt/CAPEv2/storage/binaries/b3b3f6126362d9c5c47f2ed63ad35729f844648c1ba818805e744a0dd4c1b0ea
crc32: C5E110F5
md5: 4f3722883d0d70efaecc3993e1548d2b
sha1: 7769866468705e1c0a316bdaa34c2c4634d0ccf7
sha256: b3b3f6126362d9c5c47f2ed63ad35729f844648c1ba818805e744a0dd4c1b0ea
sha512: 2db76cf168094da6615164b95e11cd8cc2638909fedd5d694a8ea79f92b14af841817db500c6875f18583a35b99d10f0f5fd19c3c2f1a932f590d34d4a020494
ssdeep: 196608:LEMw4YWJL78poQywrFkSEWSJvQCPYHX6wRX/UcVE8wM+o1hvQrzDyQ:LEM30zyoFkf35QCPYPPNVwMR1h0zDyQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E0D633705A21D83FE8D10AFC68E165D94A38B835001AF535E6491E8CFF3CAC1DE67B89
sha3_384: dc0b5cb57ed8ed1ca6cd1ad01518b5a2831e9b8835a02ac1472639b2d048703547f9ee5cdb97da79e663eb828a2c2b7f
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Gbsoft Corporation
FileDescription: Ideo Converter
FileVersion: 1.0.0.2
LegalCopyright:
ProductName: Ideo Converter 6.2.0.7271
ProductVersion: 1.0.0.2
Translation: 0x0000 0x04b0

Trojan.Win32.Ekstak.ahtnw also known as:

Lionic: Trojan.Win32.Ekstak.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Zadved.1661
Cylance: Unsafe
Sangfor: Trojan.Win32.Woreflint.A
K7AntiVirus: Trojan ( 005722fe1 )
Alibaba: TrojanDropper:Win32/Ekstak.62fb70ff
K7GW: Trojan ( 005722fe1 )
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Ekstak.ahtnw
Avast: Win32:AdwareX-gen [Adw]
Tencent: Win32.Trojan.Ekstak.Pepz
McAfee-GW-Edition: BehavesLike.Win32.Dropper.rc
Sophos: Mal/Generic-S
Jiangmin: Trojan.Ekstak.boan
Avira: HEUR/AGEN.1141626
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: PUP/Win32.DownloadAssistant.R360466
McAfee: Artemis!4F3722883D0D
VBA32: Trojan.Ekstak
Malwarebytes: Adware.DownloadAssistant
Ikarus: Trojan-Dropper.Win32.Agent
Fortinet: W32/Agent.SLC!tr
AVG: Win32:AdwareX-gen [Adw]

How to remove Trojan.Win32.Ekstak.ahtnw?

Trojan.Win32.Ekstak.ahtnw removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
