Trojan.Win32.Ekstak.akcpq information

The Trojan.Win32.Ekstak.akcpq is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Win32.Ekstak.akcpq virus can do?

Behavioural detection: Executable code extraction – unpacking
Creates RWX memory
Dynamic (imported) function loading detected
Enumerates running processes
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

Related domains:

wpad.local-net

grigblog.club

How to determine Trojan.Win32.Ekstak.akcpq?


File Info:
name: D07EDBD2B832A7C2E19F.mlw
path: /opt/CAPEv2/storage/binaries/38412e3ffa969207c9c77948ab3786289874ec23170b2e10ebdffdaa460fc964
crc32: 2989CA8B
md5: d07edbd2b832a7c2e19f46849cf96273
sha1: ba20b6a6046a84e2f4f6311d9e329b7ef67d4196
sha256: 38412e3ffa969207c9c77948ab3786289874ec23170b2e10ebdffdaa460fc964
sha512: 91ca6c66e0becd16baba807a40ceadd09c2947c7170fa7d7e92a938fb3a3e7a998b44f29cf0fae68b259f55b84e361fdc9cb1067e5382ed755704f3bc0163ca2
ssdeep: 98304:PX4B6aAP1w9ZfEC5d5qjnoc1197yazx14:vDj1w99N5d5q8MH7ya0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D4161227B298653EC4AE37314A73A15058FBB66DF417BE1623E4C88DCF660C01E3A765
sha3_384: d2b3395def773809e4a0804870a74b2e863f3d4470283d82678823f1790a72a3b09e9a37f8232bec42927748637de868
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2019-04-27 08:22:11

Version Info:
Comments: This installation was built with Inno Setup.
CompanyName:                                                             
FileDescription: Vel Setup                                                   
FileVersion:                     
LegalCopyright:                                                                                                     
OriginalFileName:                                                   
ProductName: Vel                                                         
ProductVersion: 6.8.1.8                                           
Translation: 0x0000 0x04b0

Trojan.Win32.Ekstak.akcpq also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Ekstak.4!c
Elastic	malicious (high confidence)
McAfee	Artemis!D07EDBD2B832
Cylance	Unsafe
Sangfor	Trojan.Win32.Ekstak.akcpq
K7AntiVirus	Trojan ( 005722f11 )
Alibaba	TrojanDropper:Win32/Ekstak.1f0af029
K7GW	Trojan ( 005722f11 )
Cyren	W32/Agent.CKL.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/TrojanDropper.Agent.SLC
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 99)
Kaspersky	Trojan.Win32.Ekstak.akcpq
Avast	NSIS:Downloader-ADB [Trj]
McAfee-GW-Edition	BehavesLike.Win32.CSDImonetize.rc
Sophos	Mal/Generic-S + Troj/Agent-BGXK
SentinelOne	Static AI – Malicious PE
GData	Win32.Backdoor.Bodelph.WFM1FY
Avira	HEUR/AGEN.1142804
Microsoft	Trojan:Win32/Wacatac.B!ml
VBA32	Trojan.Ekstak
Malwarebytes	Adware.DownloadAssistant
Tencent	Win32.Trojan.Ekstak.Wozm
Ikarus	PUA.Optional.Install
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	Malicious_Behavior.SB
Webroot	W32.Adware.Gen
AVG	NSIS:Downloader-ADB [Trj]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Trojan.Win32.Ekstak.akcpq?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan.Win32.Ekstak.akcpq information