Trojan.Win32.Ekstak.amrun malicious file

Trojan.Win32.Ekstak.amrun is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.Ekstak.amrun virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Deletes executed files from disk

How to identify Trojan.Win32.Ekstak.amrun?


File Info:

name: 1A4ABDD6DD39313035D1.mlw
path: /opt/CAPEv2/storage/binaries/c6461370a9d9597ab9f69cb0ede3dd29290503ca450032335ff7c9974c978af0
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName:
FileDescription: File cloner
FileVersion: 1.0.0.6
InternalName:
OriginalFilename:
ProductName:
ProductVersion:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.amrun also known as:

Lionic: Trojan.Win32.Ekstak.4!c
Cylance: Unsafe
Sangfor: Dropper.Win32.Ekstak.Vorq
K7AntiVirus: Trojan ( 005722fe1 )
Alibaba: TrojanDropper:Win32/Ekstak.ebefa5b3
K7GW: Trojan ( 005722fe1 )
Symantec: Trojan.Gen.2
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
TrendMicro-HouseCall: TROJ_GEN.R002H0DI222
Paloalto: generic.ml
ClamAV: Win.Malware.Ekstak-9968247-0
Kaspersky: Trojan.Win32.Ekstak.amrun
Cynet: Malicious (score: 99)
Avast: Win32:Adware-gen [Adw]
Tencent: Win32.Trojan.Ekstak.Azlw
Sophos: Mal/Generic-S
McAfee-GW-Edition: Artemis!PUP
GData: Win32.Backdoor.Bodelph.8WQWDH
Jiangmin: Trojan.Ekstak.cbqn
Avira: TR/AD.Nekark.wwdse
Microsoft: Trojan:Win32/Wacatac.A!ml
AhnLab-V3: Adware/Win.Adware-gen.R514141
McAfee: Artemis!1A4ABDD6DD39
Malwarebytes: Adware.DownloadAssistant
Fortinet: Riskware/Agent
AVG: Win32:Adware-gen [Adw]

How to remove Trojan.Win32.Ekstak.amrun?

Trojan.Win32.Ekstak.amrun removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
