About “Trojan.Win32.Ekstak.alyek” infection

Trojan.Win32.Ekstak.alyek is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.alyek virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • A named pipe was used for inter-process communication
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Collects and encrypts information about the computer likely to send to C2 server
  • Creates a hidden or system file
  • Likely virus infection of existing system binary
  • Detects Bochs through the presence of a registry key

How to identify Trojan.Win32.Ekstak.alyek?

File Info:

name: 713ABE28D220EAB0E5E1.mlw
path: /opt/CAPEv2/storage/binaries/9e1c71b201a208ab369b7532539d90cdee2b4afcb2902e2de7c1c8f1428e32aa
crc32: 9D2FCFB0
md5: 713abe28d220eab0e5e152ccfb1cabb7
sha1: 2cc807bb828df2b49b2827644a5f950cdc2ec0f5
sha256: 9e1c71b201a208ab369b7532539d90cdee2b4afcb2902e2de7c1c8f1428e32aa
sha512: b732e7dbfddba6be86f4da6a6070b97cfc742061d67043b95bb367ba10bc456f021c8a48b0dd21020f59a199f13f88c75b3b6080b3ddd51046a30013da27b80e
ssdeep: 49152:sGlJfsEB0oKGMZFXOOQjDozs7tx7mdOyM5eWZwdVAyJo8ADzYozn9Ux2tasC3oIm:RBBLKzoPZx7+A1wdycoqGPYpGDFoKMkn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1023633252C5A8839D4F2E2B8DD91EAE8047B7D55ECE8103F151D31D4B7B8EDABEC8121
sha3_384: 0b25363fa0d8c64854b5de9e7e114b930166354bb9bfd665e798896fa84f3781d3d704e04e0fb7f91a22d816f86e2bdf
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: http://ndsoftware.com/
FileDescription: Secure Wipe Setup
FileVersion:
LegalCopyright:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.alyek also known as:

  • Lionic: Trojan.Win32.Ekstak.4!c
  • DrWeb: Trojan.Zadved.1700
  • MicroWorld-eScan: Trojan.GenericKD.50160408
  • FireEye: Trojan.GenericKD.50160408
  • ALYac: Trojan.GenericKD.50160408
  • Malwarebytes: Adware.DownloadAssistant
  • Sangfor: Trojan.Win32.Ekstak.gen
  • K7AntiVirus: Trojan ( 005722f11 )
  • Alibaba: TrojanDropper:Win32/Ekstak.17d9926b
  • K7GW: Trojan ( 005722f11 )
  • Symantec: Trojan.Gen.2
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
  • TrendMicro-HouseCall: TROJ_GEN.R03BC0WDN22
  • Kaspersky: Trojan.Win32.Ekstak.alyek
  • BitDefender: Trojan.GenericKD.50160408
  • Avast: Win32:Adware-gen [Adw]
  • Tencent: Win32.Trojan.Ekstak.Aeec
  • Ad-Aware: Trojan.GenericKD.50160408
  • Emsisoft: Trojan.GenericKD.50160408 (B)
  • TrendMicro: TROJ_GEN.R03BC0WDN22
  • McAfee-GW-Edition: BehavesLike.Win32.Dropper.rc
  • Sophos: Mal/Generic-S
  • Jiangmin: Trojan.Ekstak.bwed
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • GData: Win32.Backdoor.Bodelph.FTU3D7
  • AhnLab-V3: Adware/Win.Cerbu.R484098
  • McAfee: Artemis!713ABE28D220
  • APEX: Malicious
  • MAX: malware (ai score=88)
  • Fortinet: Riskware/Agent
  • AVG: Win32:Adware-gen [Adw]
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Win32.Ekstak.alyek?

Trojan.Win32.Ekstak.alyek removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.