Trojan.Win32.Ekstak.almbs removal instruction

Trojan.Win32.Ekstak.almbs is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.Ekstak.almbs virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Likely virus infection of existing system binary

How to identify Trojan.Win32.Ekstak.almbs?

File Info:

name: 99BFBF5F7ABA04B15562.mlw
path: /opt/CAPEv2/storage/binaries/b384608a84567766af892632926dd9532805862936ad9e5cfeb7caa17d739201
crc32: B755653D
md5: 99bfbf5f7aba04b155620ee2140910eb
sha1: b392653f64ef1e784d500b560179bff505f63735
sha256: b384608a84567766af892632926dd9532805862936ad9e5cfeb7caa17d739201
sha512: d379fb6ab1afa46397d1373aafcb2a7bb0303d1dcf5f7a1d0b592095c80f53d9506f7c53eaa55dd3bfeb4f094c6fe74ae6a4c7f2a28d0b388fe884beba9ed33b
ssdeep: 98304:MJAfrgKD57bxKPADpm3cBw+wTvMxlMeGipP7+xlEqFd+Mfxe3E+Jf/ulaw:90KD1bxQ3SEvu4i1s+JU+egw
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D9563301F18392FFD9A5F23C07736E0C65D13D76AB7CB9B0610DA251EFBE4540A1AA1A
sha3_384: 39cded778326cbb4e5376d9bd2b83a233a5f404d60caaa416732958e63eae179eae65174df95bf7bd9f7670eebe7e858
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Akajlp Software
FileDescription: DE Catalog Professional Setup
FileVersion:
LegalCopyright:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.almbs also known as:

Cylance: Unsafe
K7AntiVirus: Trojan ( 005722f11 )
K7GW: Trojan ( 005722f11 )
Cyren: W32/Agent.DZH.gen!Eldorado
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
TrendMicro-HouseCall: TROJ_GEN.R002H0CAK22
Kaspersky: Trojan.Win32.Ekstak.almbs
Avast: Win32:Adware-gen [Adw]
Tencent: Win32.Trojan.Ekstak.Hwdb
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vc
Sophos: Mal/Generic-S
Jiangmin: Trojan.Ekstak.bvaj
Microsoft: Trojan:Win32/Sabsik!ml
ZoneAlarm: Trojan.Win32.Ekstak.almbs
GData: Win32.Backdoor.Bodelph.B1QDIG
McAfee: Artemis!99BFBF5F7ABA
VBA32: Trojan.Ekstak
Malwarebytes: Adware.DownloadAssistant
Fortinet: Riskware/Agent
AVG: Win32:Adware-gen [Adw]

How to remove Trojan.Win32.Ekstak.almbs?

Trojan.Win32.Ekstak.almbs removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
