How to remove “Trojan.Win32.Ekstak.amhiz”?

Trojan.Win32.Ekstak.amhiz is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.Ekstak.amhiz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Likely virus infection of existing system binary

How to identify Trojan.Win32.Ekstak.amhiz?

File Info:

name: 531AA625E5E78E2C8850.mlw
path: /opt/CAPEv2/storage/binaries/a1eb84af04171e64a5b24b68f84e6f3dbe46cc3b9efb5c52f4a8bfcf564956a1
crc32: D4BD56DD
md5: 531aa625e5e78e2c885001fb2228ab36
sha1: 24e942d99a957c4924f12df365202808b3cf267a
sha256: a1eb84af04171e64a5b24b68f84e6f3dbe46cc3b9efb5c52f4a8bfcf564956a1
sha512: e47947ff311508bc0770630f8e3b61b18240edd4587c0d0a46ce5a8c08eb19314bd073dc389214430148632ed4db280575883e77d4b78548e79c1d14534b03c9
ssdeep: 98304:wAxvTdCoSTpgR2BBKPpk8MG1Yg/pcUBFjpjeJfKFyQxZVZNUT/FilG1GHuxK+/T:jNTIvTTBL8Z1Pl3VeKxZeFZ1g8K+L
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11266334BF127AC31E210AD32CDD024FE956E9D2DA824547C752EBD1E0F76DAB0D26236
sha3_384: f8525f1ae19189048d6a08fb1a6dec942afc91466b828409167c3e00485570e379b00ab868d1a7f42176a2e8fb2decc0
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Vseev Ta. Qa.
FileDescription: viewfk.ucpc.ru
FileVersion: 3.5.0.6
LegalCopyright:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.amhiz is also known as (vendor: detection name):

  • Elastic: malicious (moderate confidence)
  • DrWeb: Trojan.Zadved.1704
  • K7AntiVirus: Trojan ( 005722f11 )
  • K7GW: Trojan ( 005722f11 )
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
  • Kaspersky: Trojan.Win32.Ekstak.amhiz
  • NANO-Antivirus: Trojan.Win32.Ekstak.jpirhm
  • Avast: Win32:Adware-gen [Adw]
  • Sophos: Mal/Generic-S
  • McAfee-GW-Edition: Artemis
  • Jiangmin: Trojan.Ekstak.bymv
  • Webroot: W32.Trojan.Gen
  • Avira: TR/Drop.Agent.fsnmr
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • GData: Win32.Backdoor.Bodelph.OBSM4Q
  • Cynet: Malicious (score: 99)
  • McAfee: Artemis!531AA625E5E7
  • Malwarebytes: Adware.DownloadAssistant
  • AVG: Win32:Adware-gen [Adw]

How to remove Trojan.Win32.Ekstak.amhiz?

Trojan.Win32.Ekstak.amhiz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.