Trojan.Win32.Ekstak.amijl removal guide

Trojan.Win32.Ekstak.amijl is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.amijl virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Likely virus infection of existing system binary

How to identify Trojan.Win32.Ekstak.amijl?

File Info:

name: 70DB62CA8897AA9D1586.mlw
path: /opt/CAPEv2/storage/binaries/6e9dcc15e36a13eb2c9187f5686ca59fea696dbb664d12a862686317fefab01b
crc32: EA9C66C5
md5: 70db62ca8897aa9d1586fd74da549ff0
sha1: ea08422224ea05288dcb1bbfb76efd81b74792cc
sha256: 6e9dcc15e36a13eb2c9187f5686ca59fea696dbb664d12a862686317fefab01b
sha512: 3b1e52afc848f0a637e1e97a58880ee6c93dd5ee24cf4e24cd20b1446088b6ce09a5386cabe52c5567df73d2cb899162bf1f0c8a5cbbe5c7944f20d1379ba777
ssdeep: 196608:WoZZgSoLqcNFY/Gz6gv/bPpjSh+O3SyGur4LEu:zuFFvz6AbpjSwO3SzuMj
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14366338C3711D430D0569A74FAD10A574AB5FF574B3A581A31EBBB6E4F333A0AE2B210
sha3_384: 6b103add08d6ebd72f2c950d9d57192b1a3c1f11c5071c30dc7e85d738ec6072af81818a19612f869e8ab51d039e34fe
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Bisvin, LLC
FileDescription: Bisvin Disk Cleaner Free
FileVersion: 1.2.0.17
LegalCopyright:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.amijl also known as:

Malwarebytes: Malware.AI.1880028839
K7AntiVirus: Trojan ( 005722f11 )
Alibaba: TrojanDropper:Win32/Ekstak.d927a099
K7GW: Trojan ( 005722f11 )
Symantec: Trojan.Gen.2
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
TrendMicro-HouseCall: TROJ_GEN.R002H0DFP22
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Ekstak.amijl
Tencent: Win32.Trojan-dropper.Agent.Ahot
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
GData: Win32.Backdoor.Bodelph.O8BEF1
Jiangmin: Trojan.Ekstak.bysa
ZoneAlarm: Trojan.Win32.Ekstak.amijl
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
McAfee: Artemis!70DB62CA8897
Cylance: Unsafe
Avast: Win32:Trojan-gen
AVG: Win32:Trojan-gen

How to remove Trojan.Win32.Ekstak.amijl?

Trojan.Win32.Ekstak.amijl removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.