How to remove “Trojan.Win32.Ekstak.amszp”?

The Trojan.Win32.Ekstak.amszp is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.Ekstak.amszp virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing

How to identify Trojan.Win32.Ekstak.amszp?

File Info:

name: AC52DC702B6801F04CF9.mlw
path: /opt/CAPEv2/storage/binaries/a675e713fbef515f38a03b6d2b440cb33ea72f3962d09b79c3a335e6022504c5
crc32: 618C3126
md5: ac52dc702b6801f04cf941944e8eac39
sha1: 3d2d8afbe1a80d62e6c18f8ed600c01d8fa51f86
sha256: a675e713fbef515f38a03b6d2b440cb33ea72f3962d09b79c3a335e6022504c5
sha512: ea374c0a1592cbbf3acc5dcf87c89bf6abd0a609908ca0882c8e0b6ca24398828d904d7210f06868d48678db874001a098c03b056538d4950fa82fb0b31819d4
ssdeep: 196608:Mvcts0r8qVvfuknzakQbDmwx4YXU3tNWhO1NX3ZalGY+dXdK+BBH7cK+9pkX:Mm7NVxzm3/xaN7ZgBKzzoKqkX
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14BA63385676CD0B3E198DEF44F72AFF249BC1A7BAD58C51E9D8C8E89E73EB402840055
sha3_384: 30c66badb270ee5a1e783f27114055657fd29717ba1c8e095b6b13d3b001579d4d2c7e40679afb3bad1f63ed0855483b
ep_bytes: 558bec83c4d453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName: Achbyte, Inc.
FileDescription: Achbyte Utilities Setup
FileVersion:
InternalName:
OriginalFilename:
ProductName:
ProductVersion:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.amszp also known as:

  • Sangfor: Trojan.Win32.Agent.Vmw5
  • K7AntiVirus: Trojan ( 005722fe1 )
  • Alibaba: TrojanDropper:Win32/Generic.fd8dfa27
  • Cyren: W32/Ekstak.DA.gen!Eldorado
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
  • Paloalto: generic.ml
  • Cynet: Malicious (score: 100)
  • Kaspersky: Trojan.Win32.Ekstak.amszp
  • Avast: Win32:Malware-gen
  • McAfee-GW-Edition: Artemis!Trojan
  • GData: Win32.Backdoor.Bodelph.E3UJRX
  • Jiangmin: Trojan.Ekstak.cbzt
  • Avira: TR/Drop.Agent.lhixo
  • ZoneAlarm: Trojan.Win32.Ekstak.amszp
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • Google: Detected
  • AhnLab-V3: Trojan/Win.Generic.C5236325
  • McAfee: Artemis!AC52DC702B68
  • Malwarebytes: Adware.DownloadAssistant
  • TrendMicro-HouseCall: TROJ_GEN.R002H0CIC22
  • Fortinet: W32/Agent.SLC!tr
  • AVG: Win32:Malware-gen

How to remove Trojan.Win32.Ekstak.amszp?

Trojan.Win32.Ekstak.amszp removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
