Trojan.Win32.Ekstak.amjmg removal guide

Trojan.Win32.Ekstak.amjmg is the Kaspersky (and ZoneAlarm) detection name for the sample analysed below: an Inno Setup installer presenting itself as a "Disk Cleaner", which most other engines classify as a trojan dropper or an adware bundler. While it is active you may notice unfamiliar processes in the Task Manager list. If you see this detection, scan the computer with an anti-malware product; this guide uses GridinSoft Anti-Malware.

Removing malware by hand can take hours and risks damaging the system in the process. We recommend GridinSoft Anti-Malware for removal; during the trial period it can run a full scan and clean the PC.
A 6-day free trial is available.

What can Trojan.Win32.Ekstak.amjmg do?

The following are the behavioural signatures raised when the sample was run in the CAPE sandbox (the storage path under File Info shows the CAPEv2 instance it came from):

  • Behavioural detection: executable code extraction (unpacking)
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Collects and encrypts information about the computer, likely to send to a C2 server
  • Likely virus infection of an existing system binary

Several of these signatures (unpacking, RWX memory, dynamic import resolution, reading its own image, unusual section names) are also raised by many legitimate installers, Inno Setup packages included, so treat them as corroborating rather than conclusive. The invalid Authenticode signature and the vendor consensus below carry more weight.

How to identify Trojan.Win32.Ekstak.amjmg?

File Info:

name: A7E60224C36DC3D917E9.mlw
path: /opt/CAPEv2/storage/binaries/505c4eb8e4616d2a4e2ace26342bbea5b9f6a3aba0e2c6e27f5cca574dea8c1f
crc32: ED9DC4CD
md5: a7e60224c36dc3d917e970ad1df63d12
sha1: 6459b67b868c466bc2105d4026609685c773ba4c
sha256: 505c4eb8e4616d2a4e2ace26342bbea5b9f6a3aba0e2c6e27f5cca574dea8c1f
sha512: cae929f42edcd5e8299a61c34838b09a2120a20b0ce1b2a1d0675463729fa102fb346a9835c52f45887a103a21bff9ffb002e226ed0e6b07773648e4fe119284
ssdeep: 98304:YOQI6HjuRiRHFeIMzZ/Dty5VZRQ6e4H7J2ZkgYoXpxckwyGVE+m3C+/+gCytt8A:yVOuFTuBty5VvepxJ5nD8eWXyCA
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17A6633727B8167B2D0158636FE22E2242B277D264846E10F31C47F99337F3D6652A62F
sha3_384: 774c1cccb92d855d576271ff9c712aa3b9bd0c93a9701c294c64b375c4f53fc7dcd04df788138cd376235cd99ab3f0d8
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17 (this is the fixed link-time stamp 0x2A425E19 that the Delphi linker writes into every image, not the real build date; Inno Setup installers are Delphi programs)

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Novativl Solutions
FileDescription: Disk Cleaner
FileVersion: 6.0.0.8
LegalCopyright:
Translation: 0x0409 0x04e4
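To check a suspect file against the hashes published above, and to read the PE TimeDateStamp directly so that the fixed Delphi linker value (0x2A425E19, which prints as 1992-06-19 22:22:17 UTC) is not mistaken for a real build date, the following script can be used. It is an added example, not code from the original page or from any product named on it; it uses only the Python standard library, and the `build_minimal_pe` helper constructs a dummy PE header for offline testing rather than the real sample.

```python
import hashlib
import struct
from datetime import datetime, timezone

# IOC hashes copied from the File Info section above.
IOC_HASHES = {
    "md5": "a7e60224c36dc3d917e970ad1df63d12",
    "sha1": "6459b67b868c466bc2105d4026609685c773ba4c",
    "sha256": "505c4eb8e4616d2a4e2ace26342bbea5b9f6a3aba0e2c6e27f5cca574dea8c1f",
}

# Fixed TimeDateStamp written by the Delphi linker into every image
# (1992-06-19 22:22:17 UTC). Inno Setup installers are Delphi programs,
# so this value says nothing about when the sample was actually built.
DELPHI_LINK_STAMP = 0x2A425E19


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of an in-memory file image."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str) -> dict:
    """Hash a file on disk (reads it fully; samples of this size fit in memory)."""
    with open(path, "rb") as fh:
        return hash_bytes(fh.read())


def match_iocs(data: bytes, iocs: dict = IOC_HASHES) -> dict:
    """Compare each published hash with the sample; True means that algorithm matched."""
    digests = hash_bytes(data)
    return {algo: digests[algo] == value.lower() for algo, value in iocs.items()}


def pe_timestamp(data: bytes) -> int:
    """Read IMAGE_FILE_HEADER.TimeDateStamp without third-party PE libraries."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: DOS header missing")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: PE signature missing")
    # COFF header follows the 4-byte signature:
    # Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    return struct.unpack_from("<I", data, e_lfanew + 8)[0]


def timestamp_utc(stamp: int) -> str:
    """Render a PE stamp the way sandbox reports do (UTC, no timezone suffix)."""
    return datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def classify_timestamp(stamp: int) -> str:
    """Label the stamp so an analyst does not treat a linker constant as a build date."""
    if stamp == DELPHI_LINK_STAMP:
        return "delphi-default"
    if stamp == 0:
        return "zeroed"
    return "plausible"


def build_minimal_pe(stamp: int) -> bytes:
    """Constructed test image: DOS header + PE signature + COFF header, nothing else."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points right after the DOS header
    # Machine=i386, 0 sections, stamp, no symbols, no optional header,
    # Characteristics=EXECUTABLE_IMAGE|32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, 0, stamp, 0, 0, 0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    sample = build_minimal_pe(DELPHI_LINK_STAMP)  # stand-in for the real file
    print(match_iocs(sample))                      # all False: the dummy is not the sample
    ts = pe_timestamp(sample)
    print(timestamp_utc(ts), classify_timestamp(ts))
```

On a real file, call `hash_file(path)` and pass the bytes to `match_iocs` and `pe_timestamp`; a "delphi-default" classification means the compile time cannot be used for timelining and you should fall back to first-seen dates from the sandbox or a multi-scanner instead.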

Trojan.Win32.Ekstak.amjmg also known as:

  • Lionic: Trojan.Win32.Ekstak.4!c
  • McAfee: Artemis!A7E60224C36D
  • Cylance: Unsafe
  • K7AntiVirus: Trojan ( 005722f11 )
  • Alibaba: TrojanDropper:Win32/Ekstak.c558b6df
  • K7GW: Trojan ( 005722f11 )
  • Cyren: W32/Ekstak.CG.gen!Eldorado
  • Symantec: Trojan.Gen.2
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
  • Paloalto: generic.ml
  • Kaspersky: Trojan.Win32.Ekstak.amjmg
  • Avast: Win32:Adware-gen [Adw]
  • McAfee-GW-Edition: Artemis!Trojan
  • Sophos: Mal/Generic-S
  • GData: Win32.Backdoor.Bodelph.ETJ791
  • Jiangmin: TrojanDropper.Inokrypt.b
  • ZoneAlarm: Trojan.Win32.Ekstak.amjmg
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • AhnLab-V3: Adware/Win.Adware-gen.C5194232
  • Malwarebytes: Adware.DownloadAssistant
  • TrendMicro-HouseCall: TROJ_GEN.R002H0DG422
  • AVG: Win32:Adware-gen [Adw]

Note the split in the verdicts: Avast, AVG, AhnLab-V3 and Malwarebytes classify the file as adware (a download assistant), while Alibaba, ESET-NOD32 and Jiangmin name it a trojan dropper; the remaining names (Artemis, generic.ml, Sabsik!ml, Trojan.Gen.2, Mal/Generic-S) are generic or machine-learning detections rather than family attributions.

How to remove Trojan.Win32.Ekstak.amjmg?

Trojan.Win32.Ekstak.amjmg removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
