Trojan.Win32.Ekstak.amaqc removal instructions


Trojan.Win32.Ekstak.amaqc is the Kaspersky detection name for a dropper packaged as an Inno Setup installer; the sample's version information calls it “Syneu PC Cleaner Setup”. Other vendors classify the same file as a trojan dropper or as adware/download-assistant software, which matches the behaviour recorded below: it unpacks itself, writes an embedded binary to disk and runs it, and collects information about the machine. While it is active you may notice unfamiliar processes in the Task Manager list. In that case, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand can take hours and can damage the system if the wrong file is deleted. We recommend GridinSoft Anti-Malware for removal; the trial version lets you run a full scan and clean the PC.
6-day free trial available.

What can Trojan.Win32.Ekstak.amaqc do?

The behaviours below were flagged by the CAPE sandbox signatures during dynamic analysis of the sample. Each is a heuristic, and several of them (unpacking, resolving imports at run time, reading its own binary image, dropping and executing a file) are also what a legitimate Inno Setup installer does, so they are meaningful in combination rather than individually.

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Collects and encrypts information about the computer likely to send to C2 server
  • Creates a hidden or system file
  • Likely virus infection of existing system binary

How to identify Trojan.Win32.Ekstak.amaqc?
File Info:

name: 32ADE0D8A1A31D5DBA7C.mlw
path: /opt/CAPEv2/storage/binaries/c016a5761616f0383a8508a860417f76008c9c79bc2fbf5e0528bbe19a892a4c
crc32: CDFA1B03
md5: 32ade0d8a1a31d5dba7cec4d5d917495
sha1: e7b92f1508b00d7e0596a49289a8da62f06de257
sha256: c016a5761616f0383a8508a860417f76008c9c79bc2fbf5e0528bbe19a892a4c
sha512: c7f01906eaae1aed650e5573eb21494c3939db3c9d6cc2bf162fbb32ba64646d204a3753e146d29b702f923fe3bef01a7e91817abf883b676cbe0e395860a833
ssdeep: 196608:bxotrlkGu/xMCtGlAxbqFVCwg4hSH20WcEn:6teKCt/d2VCwgv20WcQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19F76339221E7547FC13226B3895BD60AB8297E58873004EAC5ECB54A7AF9B435DDC3C3
sha3_384: 6559450ead556ae47aa52da892c2cd1bf0f7862d0ce8ee545ebc5e295e88527628b16f17df7d1e70c3407245c05a502b
ep_bytes: 558bec83c4d453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName: Syneu
FileDescription: Syneu PC Cleaner Setup
FileVersion:
InternalName:
OriginalFilename:
ProductName:
ProductVersion:
Translation: 0x0409 0x04e4
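The script below is an added example, not code from the original page, GridinSoft or CAPE. It uses only the Python standard library to hash a file against the indicators listed above, parse the PE headers by hand to recover the link timestamp, entry-point bytes and section names, and flag section names outside a conventional set. Two caveats are built into it: the timestamp 1992-06-19 22:22:17 is the fixed value 0x2A425E19 that Delphi-built executables carry, and Inno Setup's bootstrapper is built with Delphi, so it identifies the toolchain, not the build date; likewise the entry-point bytes are the standard Delphi prologue shared by every Inno Setup installer. Only the hashes are specific to this sample. The `KNOWN_SECTIONS` set is an assumption and the `build_demo_pe()` image is a constructed stand-in for the real file.

```python
"""Offline triage against the Trojan.Win32.Ekstak.amaqc indicators listed above.

Added example, not part of the original page, GridinSoft or CAPE. Standard
library only; run as `python triage.py <file>` on Windows or Linux.
"""
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Indicators copied from the File Info block above.
IOC_HASHES = {
    "md5": "32ade0d8a1a31d5dba7cec4d5d917495",
    "sha1": "e7b92f1508b00d7e0596a49289a8da62f06de257",
    "sha256": "c016a5761616f0383a8508a860417f76008c9c79bc2fbf5e0528bbe19a892a4c",
}
EP_BYTES = bytes.fromhex("558bec83c4d453565733c08945f08945")  # ep_bytes above
# 0x2A425E19 == 1992-06-19 22:22:17 UTC: the fixed link timestamp Delphi writes.
DELPHI_TIMESTAMP = 0x2A425E19
# Section names a normal MSVC or Delphi build uses (assumption; extend as needed).
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc",
                  ".bss", ".tls", ".pdata", "CODE", "DATA", "BSS"}


def file_hashes(data: bytes) -> dict:
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def matches_ioc(data: bytes) -> bool:
    """True if any digest equals the published one (all three checked so one typo cannot hide a match)."""
    h = file_hashes(data)
    return any(h[k] == v for k, v in IOC_HASHES.items())


def pe_summary(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]            # 0x10B = PE32, 0x20B = PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections, off = [], opt + opt_size
    for _ in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize})
        off += 40
    # Translate the entry-point RVA to a file offset through the section that contains it.
    ep = b""
    for s in sections:
        if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            ep = data[s["rawptr"] + (entry_rva - s["vaddr"]):][:16]
            break
    return {
        "machine": machine,
        "pe32": magic == 0x10B,
        "timestamp_raw": stamp,
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc),
        "entry_bytes": ep,
        "sections": [s["name"] for s in sections],
        "unknown_sections": [s["name"] for s in sections if s["name"] not in KNOWN_SECTIONS],
    }


def triage(data: bytes) -> dict:
    """Only hash_match identifies this sample; the other fields describe toolchain and packing."""
    s = pe_summary(data)
    return {
        "hash_match": matches_ioc(data),
        "delphi_timestamp": s["timestamp_raw"] == DELPHI_TIMESTAMP,
        "entry_bytes_match": s["entry_bytes"] == EP_BYTES,
        "unknown_sections": s["unknown_sections"],
    }


def build_demo_pe() -> bytes:
    """Constructed minimal PE32 (not the real sample): Delphi stamp, the ep_bytes above, one odd section."""
    img = bytearray(0x600)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                    # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 2, DELPHI_TIMESTAMP, 0, 0, 0xE0, 0x102)
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x10B)                    # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x1000)              # entry point RVA
    sec = opt + 0xE0
    struct.pack_into("<8sIIII", img, sec, b".text", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<8sIIII", img, sec + 40, b"UPX0", 0x200, 0x2000, 0x200, 0x400)
    img[0x200:0x200 + len(EP_BYTES)] = EP_BYTES
    return bytes(img)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_demo_pe()
    for k, v in {**file_hashes(blob), **triage(blob)}.items():
        print(f"{k:>18}: {v}")
```

Run it against a suspect download; a `hash_match` of True is a positive identification, while `delphi_timestamp` and `entry_bytes_match` being True only tells you the file is a Delphi/Inno Setup build, which is also true of thousands of benign installers.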

Trojan.Win32.Ekstak.amaqc is also known as (vendor: detection name):

  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Sabsik.FL
  • K7AntiVirus: Trojan ( 005722fe1 )
  • K7GW: Trojan ( 005722fe1 )
  • Symantec: Trojan.Gen.2
  • Elastic: malicious (moderate confidence)
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
  • Kaspersky: Trojan.Win32.Ekstak.amaqc
  • Avast: Win32:Trojan-gen
  • Tencent: Win32.Trojan-dropper.Agent.Ljkn
  • Emsisoft: Adware.Downloader (A)
  • McAfee-GW-Edition: BehavesLike.Win32.AdwareFileTour.wc
  • Sophos: Mal/Generic-S
  • GData: Win32.Backdoor.Bodelph.JTYN1A
  • Webroot: W32.Adware.Downloadassistant
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • McAfee: Artemis!32ADE0D8A1A3
  • Malwarebytes: Adware.DownloadAssistant
  • TrendMicro-HouseCall: TROJ_GEN.R002H0DE822
  • Fortinet: W32/Agent.SLC!tr
  • AVG: Win32:Trojan-gen

How to remove Trojan.Win32.Ekstak.amaqc?

Trojan.Win32.Ekstak.amaqc removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options you want, then click “Reset”.
  • Restart your computer.

Quarantining the installer alone is not enough: the behaviour report shows that it drops and executes a second binary, so the scan must cover whatever was written to disk after it ran. The browser reset addresses the download-assistant/adware component that several vendors detect.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
