Trojan.Win32.Ekstak.amizd removal guide

Malware Removal

Trojan.Win32.Ekstak.amizd is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.amizd virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Collects and encrypts information about the computer likely to send to C2 server
  • Likely virus infection of existing system binary

How to identify Trojan.Win32.Ekstak.amizd?

File Info:

name: E0D75C89AA5AF40976F6.mlw
path: /opt/CAPEv2/storage/binaries/139a905bc435bdc53eb8aa470c8d7843e8c313b0a560f921b91d3e501c46f6da
crc32: 8D3FFE01
md5: e0d75c89aa5af40976f6fbf03b71f3ae
sha1: 4f2addd1ad76ce87882a47dccfd6cdc371ab9419
sha256: 139a905bc435bdc53eb8aa470c8d7843e8c313b0a560f921b91d3e501c46f6da
sha512: f52854b5d95b8eca22b288893ed9a0dcb662d4e418018b3a0371f9a7ccbf027d306958085a4636163892c6c8f38178a5a453bbd5c00271a56d9cc5991d9311c6
ssdeep: 196608:ytt8p2AzIW3MJndRAqRX5xycHvnbMoC1trmRCA:yoILvAqRPVjMHX7A
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1756633BBBA90A3E2D5100A76B947F51C2233BD1A4F05D70E3151BFDA263B386606671F
sha3_384: e73cd33bab11316804b796c9292d5ba15da411ad4dd305b053226f92f309d2523f2a55d6d9d0aaa67bc50c00f9ab909a
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Novativh Solutions
FileDescription: Disk Cleaner
FileVersion: 6.0.0.4
LegalCopyright:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.amizd also known as:

Elastic: malicious (moderate confidence)
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Trojan ( 005722f11 )
K7AntiVirus: Trojan ( 005722f11 )
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
TrendMicro-HouseCall: TROJ_GEN.R002H0DFU22
Kaspersky: Trojan.Win32.Ekstak.amizd
Avast: FileRepMalware [Adw]
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
GData: Win32.Backdoor.Bodelph.5KGQPD
Jiangmin: TrojanDropper.Inokrypt.b
Webroot: W32.Adware.Downloadassistant
ZoneAlarm: Trojan.Win32.Ekstak.amizd
Microsoft: Trojan:Win32/Wacatac.B!ml
McAfee: Artemis!E0D75C89AA5A
Malwarebytes: Adware.DownloadAssistant
AVG: FileRepMalware [Adw]

How to remove Trojan.Win32.Ekstak.amizd?

Trojan.Win32.Ekstak.amizd removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
