Should I remove “Trojan.Win32.Ekstak.amnfn”?

The Trojan.Win32.Ekstak.amnfn is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.amnfn virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • A file with an unusual extension was attempted to be loaded as a DLL.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Likely virus infection of existing system binary

How to identify Trojan.Win32.Ekstak.amnfn?

File Info:

name: 495D79569DDC49DB1F63.mlw
path: /opt/CAPEv2/storage/binaries/a38520a6014022521895832711501d3a928ef6058ffd793cf196b1fd777b53d4
crc32: 9683D5C1
md5: 495d79569ddc49db1f63395c07463510
sha1: 366798ead87ebacf57c5ce6836efa8195973c181
sha256: a38520a6014022521895832711501d3a928ef6058ffd793cf196b1fd777b53d4
sha512: 0f1df1597a07c07c518bff4d827ef1889b2426dfa1f61dc98402d9738ab78aefc8019715a8ce0ba84c32bf4810a1bf316d5d29570a4171e263f163fc197e37a5
ssdeep: 196608:Lo7ztIgJqcykAEb0c7p03Mq5ksxmsL5gmrRvg3kg:LEeKyHEb06+3RksmG/RvSkg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14A863341F42B88FDD4ABE2B17CB1D4A571396FF128BA487E7B1A769D433A2C4530640B
sha3_384: 76679b5a38f8b07d7eb74b0a671aeb9f380b8214f572523066ea4d07ac6f33601a6f89c67ee4411528382fdd93495969
ep_bytes: 558bec83c4d453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName: BitABH
FileDescription: BitABH
FileVersion: 1.0.0.25
InternalName:
OriginalFilename:
ProductName:
ProductVersion:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.amnfn also known as:

Lionic: Trojan.Win32.Ekstak.4!c
McAfee: Artemis!495D79569DDC
Cylance: Unsafe
K7AntiVirus: Trojan ( 005722f11 )
Alibaba: TrojanDropper:Win32/Ekstak.e76f6ac9
K7GW: Trojan ( 005722f11 )
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Ekstak.amnfn
Avast: Win32:MalwareX-gen [Trj]
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
GData: Win32.Backdoor.Bodelph.ZG5JWX
Avira: TR/Drop.Agent.veaff
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
TrendMicro-HouseCall: TROJ_GEN.R002H0CH322
Fortinet: W32/Agent.SLC!tr.dldr
AVG: Win32:MalwareX-gen [Trj]

How to remove Trojan.Win32.Ekstak.amnfn?

Trojan.Win32.Ekstak.amnfn removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
