Trojan.Win32.Ekstak.amtuk (file analysis)

Trojan.Win32.Ekstak.amtuk is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to perform a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.Ekstak.amtuk virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Trojan.Win32.Ekstak.amtuk?

File Info:

name: 7E304AD6A39D8633127B.mlw
path: /opt/CAPEv2/storage/binaries/fe2973c01e66c06b6f30605cd2425531c3be8630a57fcc16bebe1cce0c014aeb
crc32: 37B13A61
md5: 7e304ad6a39d8633127b36e4bf2be754
sha1: 317d76b448aeec30456743700d90704a0baf53b1
sha256: fe2973c01e66c06b6f30605cd2425531c3be8630a57fcc16bebe1cce0c014aeb
sha512: 9adcad6c31fba42077f52bb303aa609e74475641c89e794d1a59804868fefc0a492e4eaea11bbadad39cf8e43173f18983e76b111e9b1e3fb9a3691834eaf786
ssdeep: 196608:somU0PmNjdTwnNb97RPECEFFlHFHIZ/JAlzAQPXcaPNxfg6kG33S:soqu9dT8Nb9RPENFFtFS/IvVrg6kG33S
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13AA6330FB5EE59A7EA42C6709F16BFB311B0ACEF7C70C2295552DC8ECD38624691A11C
sha3_384: e29ba74947aefe1fef75dac0cd0e1dfcb265af071820250fdfab4eabb7495077a8533464f7c09b42ca49cbf40dc8af62
ep_bytes: 558bec83c4d453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName: Acobyte, Inc.
FileDescription: Acobyte Utilities Setup
FileVersion:
InternalName:
OriginalFilename:
ProductName:
ProductVersion:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.amtuk is also known as (vendor: detection name):

  • Alibaba: TrojanDropper:Win32/Generic.bbc4f07e
  • Cyren: W32/Ekstak.DA.gen!Eldorado
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
  • Paloalto: generic.ml
  • Cynet: Malicious (score: 100)
  • Kaspersky: Trojan.Win32.Ekstak.amtuk
  • Avast: Win32:Malware-gen
  • McAfee-GW-Edition: Artemis!Trojan
  • Sophos: Mal/Generic-S
  • GData: Win32.Backdoor.Bodelph.TLK7TL
  • Jiangmin: Trojan.Ekstak.cbzt
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • Google: Detected
  • AhnLab-V3: Trojan/Win.Generic.C5236325
  • McAfee: Artemis!7E304AD6A39D
  • Malwarebytes: Trojan.Dropper
  • Fortinet: W32/Agent.SLC!tr
  • AVG: Win32:Malware-gen

How to remove Trojan.Win32.Ekstak.amtuk?

Trojan.Win32.Ekstak.amtuk removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.