Trojan.Win32.Ekstak.akeqz removal instructions

Trojan.Win32.Ekstak.akeqz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.akeqz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

Related domains:

grigblog.club
wpad.local-net

How to identify Trojan.Win32.Ekstak.akeqz?


File Info:

name: 6BBDE1E9CCE5066CD389.mlw
path: /opt/CAPEv2/storage/binaries/f3622cb59356f4a8b1f73199842d13db728950ba256632aa9b3553fa0ef1c4ee
crc32: 3A8FF63E
md5: 6bbde1e9cce5066cd389fe77d8154fa8
sha1: 9d066792413b4584d553631e44af0ab38ea40112
sha256: f3622cb59356f4a8b1f73199842d13db728950ba256632aa9b3553fa0ef1c4ee
sha512: b1f6e0079132ac25e73619a737b57e37896edf10ecb84330b3832c80d8425799117725510f91bed300c62e2d05466a9392e7c59e36b4c6bdc6790b7b9c4dfad8
ssdeep: 98304:PX4+ojkqZNOIgZlMJtyVxNxlV1eyazx14:vLXMyVvGya0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B8060227B298A53EC0AE27354673A01054FBB66DF427BE1637F4C48DCF660C11E3AA65
sha3_384: 11e05b6de7a103f90e177a5113ecbb251488a2e999e007539479d6f3cb87db474104c1b446f0de67eeaa302958882167
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2019-04-27 08:22:11

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Est Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: Est
ProductVersion: 5.15.12.3
Translation: 0x0000 0x04b0

Trojan.Win32.Ekstak.akeqz also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
Cylance: Unsafe
K7AntiVirus: Trojan ( 005722f11 )
Alibaba: TrojanDropper:Win32/Ekstak.613b4863
K7GW: Trojan ( 005722f11 )
Cyren: W32/Agent.CRS.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
Paloalto: generic.ml
Cynet: Malicious (score: 99)
Kaspersky: Trojan.Win32.Ekstak.akeqz
Avast: NSIS:Downloader-ADB [Trj]
Tencent: Win32.Trojan.Ekstak.Wsav
McAfee-GW-Edition: BehavesLike.Win32.CSDImonetize.wc
Sophos: Mal/Generic-R + Troj/Agent-BGXK
Ikarus: PUA.Optional.Install
MaxSecure: Trojan.Malware.121218.susgen
Avira: HEUR/AGEN.1142804
Microsoft: Trojan:Win32/Wacatac.B!ml
McAfee: Artemis!6BBDE1E9CCE5
Malwarebytes: Adware.DownloadAssistant
APEX: Malicious
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Agent.8964!tr
AVG: NSIS:Downloader-ADB [Trj]
Panda: Trj/CI.A

How to remove Trojan.Win32.Ekstak.akeqz?

Trojan.Win32.Ekstak.akeqz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.