Trojan.Win32.Ekstak.amjtp removal instructions

Malware Removal

Trojan.Win32.Ekstak.amjtp is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.Ekstak.amjtp virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Collects and encrypts information about the computer likely to send to C2 server
  • Creates a hidden or system file
  • Likely virus infection of existing system binary

How to identify Trojan.Win32.Ekstak.amjtp?

File Info:

name: BB2C96D6BA62423F2664.mlw
path: /opt/CAPEv2/storage/binaries/07d2fe090ab0d5c00cf02baacbd1ee41ee307d9c2b654b319adb69fb39469213
crc32: 5512919F
md5: bb2c96d6ba62423f2664e1e7d8db4840
sha1: 8f6dbd7a7c8bfd9f921334c3ff31b3dc83dbd547
sha256: 07d2fe090ab0d5c00cf02baacbd1ee41ee307d9c2b654b319adb69fb39469213
sha512: 5eb6bdf37bdfa84619127586ef66d7594e6e3b9bb173cf0059340dad25f2962c597dbbf56c6fa54f2b64efacd43c68cf3a1d689b0f1f21986bd00589b3bd0d1c
ssdeep: 196608:ybiamiB0RKMGlcDNciy/sp8nK4SClm/bCA:ybiJRfGlWN7qs4K4SClm/OA
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1216633F17690B2B1D5400A79B08B913A71B7AF05791AF21F32A57FAE373B341620961F
sha3_384: f402990f498dfe159ff5281584011204d4cf3c76d27f2d87205610cd1652efd10be42b2a53b55d5406ea302ee4aab834
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Novativn Solutions
FileDescription: Disk Cleaner
FileVersion: 6.0.1.0
LegalCopyright:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.amjtp is also known as (vendor: detection name):

Lionic: Trojan.Win32.Ekstak.4!c
Elastic: malicious (moderate confidence)
McAfee: Artemis!BB2C96D6BA62
Cylance: Unsafe
Alibaba: TrojanDropper:Win32/Ekstak.07af3ef8
K7GW: Trojan ( 005722f11 )
K7AntiVirus: Trojan ( 005722f11 )
Cyren: W32/Ekstak.CG.gen!Eldorado
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
TrendMicro-HouseCall: TROJ_GEN.R002H0DG722
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Ekstak.amjtp
Tencent: Win32.Trojan-dropper.Agent.Pfjg
Jiangmin: TrojanDropper.Inokrypt.b
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Win32.Backdoor.Bodelph.RZABO3
AhnLab-V3: Adware/Win.Adware-gen.R503210
Malwarebytes: Malware.AI.613100908
Avast: Win32:Adware-gen [Adw]
AVG: Win32:Adware-gen [Adw]

How to remove Trojan.Win32.Ekstak.amjtp?

Trojan.Win32.Ekstak.amjtp removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
