About “Trojan.Win32.Ekstak.amgar” infection

Trojan.Win32.Ekstak.amgar is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.amgar virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Likely virus infection of existing system binary

How to identify Trojan.Win32.Ekstak.amgar?

File Info:

name: BA1AC166644A4632D0C3.mlw
path: /opt/CAPEv2/storage/binaries/ae3c475db6e5d49dc059b80d0f0a640f3fae8041fff91b0b39db43e36a16d0c7
crc32: 94BF63CC
md5: ba1ac166644a4632d0c3419ce0655983
sha1: 27f38c2c648123e1bf9373d895a6edec4d076f1c
sha256: ae3c475db6e5d49dc059b80d0f0a640f3fae8041fff91b0b39db43e36a16d0c7
sha512: 3cee6efafd0b2d510c05627b3cb597a1fc26ecd926dd1209bcc1805f2b706e682f053a68755eead889701b8f0a467943c5bbd0da5eeca5297d3054ce827ab2aa
ssdeep: 196608:UFyX5XgBGKZnbcaPsBKd5u7ymORLpUIk6z:UFyX5qGyI2ru7yXJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F5763307CA1D45BBFD70A5310D92B6213F6E38B96AF29523F9C66E034A70DADE4742C4
sha3_384: 6b172b9fcefceef51c3c3e830a33bc2a87701f21b4f0cb3f117744fe072452fe111778823b48accfc8372c05f1a8f9ca
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Vseev Sv. Pv.
FileDescription: viewfe.ucpa.ru
FileVersion: 3.5.0.0
LegalCopyright:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.amgar also known as:

McAfee: Artemis!BA1AC166644A
Cylance: Unsafe
Sangfor: Riskware.Win32.Agent.ky
K7AntiVirus: Trojan ( 005722f11 )
Alibaba: TrojanDropper:Win32/Ekstak.b3a3421c
K7GW: Trojan ( 005722f11 )
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Ekstak.amgar
Avast: Win32:Adware-gen [Adw]
Rising: Malware.Generic!8.BA4C (CLOUD)
McAfee-GW-Edition: BehavesLike.Win32.BadFile.vc
Sophos: Mal/Generic-S
GData: Win32.Backdoor.Bodelph.2WSGON
ViRobot: Trojan.Win32.Z.Sabsik.7257924
ZoneAlarm: Trojan.Win32.Ekstak.amgar
Microsoft: Trojan:Script/Phonzy.C!ml
Malwarebytes: Malware.AI.1867052505
TrendMicro-HouseCall: TROJ_GEN.R002H0DFA22
AVG: Win32:Adware-gen [Adw]

How to remove Trojan.Win32.Ekstak.amgar?

Trojan.Win32.Ekstak.amgar removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.