
Trojan.Win32.Ekstak.amtwo removal guide


Trojan.Win32.Ekstak.amtwo is Kaspersky's detection name for the sample analysed below: an Inno Setup installer that most major engines also flag as a trojan dropper (the vendor names are listed further down). While the infection is active you may notice unfamiliar processes in Task Manager. If you do, scan the machine with an anti-malware product such as GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing malware manually can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial version lets you run a full scan and clean the PC.
A 6-day free trial is available.

What can the Trojan.Win32.Ekstak.amtwo trojan do?

The behaviours below are the CAPEv2 sandbox signatures that fired on the sample described in the next section. Note that unpacking, overlay data, an unknown PE section name and a Delphi-style binary are also typical of legitimate Inno Setup installers; the dropped-and-executed binary, the transacted hollowing and the invalid Authenticode signature are the findings that actually separate this file from a benign setup program.

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing

How to identify Trojan.Win32.Ekstak.amtwo?


File Info:

name: 04AE1F852BED7297DC58.mlw
path: /opt/CAPEv2/storage/binaries/d131eb1563e07e879efb77c84e2719d748a1e19227ee131636f49d9425062287
crc32: D326CE04
md5: 04ae1f852bed7297dc584ea5fe36f5ef
sha1: b8888f9deaf4fb1b30e1da7828e19b3ea0a5608c
sha256: d131eb1563e07e879efb77c84e2719d748a1e19227ee131636f49d9425062287
sha512: 832a797b9399c58ae2fd2be055d68ae5d24896d66f96797969f049ccfc98b2e0c381ebc59821760e0ef0058c8f92815b7f357963742aa9ed43dacb72de903f22
ssdeep: 196608:cTb9eTfwyyvRU3cVldbMvRbZGHRN7lvCOLMxL8CjR:cTb9e78JZldUBZGHdBC5jR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T197A633C3AEB59173F60496B477B8FBF785B43D83B4E0D1222B686C4C57A22B08D5D906
sha3_384: 6975f31a7246d52070f52a840b73db28310c3a5543a66c28d4567e9bd362232f1b86db08478630f0f896b1e05add724d
ep_bytes: 558bec83c4d453565733c08945f08945
timestamp: 1992-06-19 22:22:17 (this is the constant link timestamp written by the Borland Delphi toolchain that Inno Setup is built with; it says nothing about when this installer was actually produced)
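The practical use of the File Info block is to check whether a file you have found is this sample, and to read the same PE fields the sandbox reports. The script below is an added example written for this page, not code from the original page or from GridinSoft; it computes the digests listed above for a file, compares them with the indicators copied from the File Info block (the `EKSTAK_IOCS` dictionary), and reads the COFF `TimeDateStamp` from the PE header, flagging the fixed Delphi linker value (0x2A425E19, which is 1992-06-19 22:22:17 UTC). The `build_fake_pe` helper only constructs a minimal MZ/PE header for offline testing and is not derived from the sample.

```python
import binascii
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Indicators copied from the File Info block above (lower-case hex).
EKSTAK_IOCS = {
    "crc32": "d326ce04",
    "md5": "04ae1f852bed7297dc584ea5fe36f5ef",
    "sha1": "b8888f9deaf4fb1b30e1da7828e19b3ea0a5608c",
    "sha256": "d131eb1563e07e879efb77c84e2719d748a1e19227ee131636f49d9425062287",
    "sha512": "832a797b9399c58ae2fd2be055d68ae5d24896d66f96797969f049ccfc98b2e0"
              "c381ebc59821760e0ef0058c8f92815b7f357963742aa9ed43dacb72de903f22",
    "sha3_384": "6975f31a7246d52070f52a840b73db28310c3a5543a66c28d4567e9bd362232f"
                "1b86db08478630f0f896b1e05add724d",
}

# Link timestamp hard-coded by the Borland Delphi linker: 1992-06-19 22:22:17 UTC.
DELPHI_TIMESTAMP = 0x2A425E19


def hash_bytes(data: bytes) -> dict:
    """Return the same digests the sandbox report lists, as lower-case hex."""
    return {
        "crc32": format(binascii.crc32(data) & 0xFFFFFFFF, "08x"),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def hash_file(path: str) -> dict:
    with open(path, "rb") as fh:
        return hash_bytes(fh.read())


def match_iocs(hashes: dict, iocs: dict = EKSTAK_IOCS) -> list:
    """Names of the algorithms whose digest equals the published indicator."""
    return sorted(algo for algo, value in iocs.items()
                  if hashes.get(algo, "").lower() == value.lower())


def pe_timestamp(data: bytes):
    """COFF TimeDateStamp of a PE image, or None if the data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    return struct.unpack_from("<I", data, e_lfanew + 8)[0]


def describe_timestamp(ts: int) -> str:
    """Render the timestamp and flag the Delphi constant, which is not a build time."""
    when = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    if ts == DELPHI_TIMESTAMP:
        return when + " (fixed Delphi linker value, not a real build time)"
    return when


def build_fake_pe(timestamp: int) -> bytes:
    """Constructed minimal MZ/PE header for offline tests; not the sample itself."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)          # 0x40-byte DOS stub
    struct.pack_into("<I", dos, 0x3C, 0x40)         # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0, 0x102)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    # Usage: python triage.py <file>  (triage.py is an assumed script name)
    blob = open(sys.argv[1], "rb").read()
    digests = hash_bytes(blob)
    for algo, value in digests.items():
        print(f"{algo}: {value}")
    print("matches Ekstak.amtwo indicators:", match_iocs(digests) or "none")
    ts = pe_timestamp(blob)
    print("PE timestamp:", describe_timestamp(ts) if ts is not None else "not a PE file")
```

A match on any one of md5, sha1, sha256, sha512 or sha3_384 is a positive identification of this exact file; crc32 alone is not, because 32-bit checksums collide trivially. A different hash set with the same Delphi timestamp and the same Inno Setup version info is just another Inno Setup build, so treat it as a lead for a sandbox run, not as confirmation.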

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName: Acobyte, Inc.
FileDescription: Acobyte Utilities Setup
FileVersion:
InternalName:
OriginalFilename:
ProductName:
ProductVersion:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.amtwo is also known as (vendor: detection name; the page title uses Kaspersky's name, and several vendors only report a generic or machine-learning verdict):

McAfee: Artemis!04AE1F852BED
Cylance: Unsafe
Cyren: W32/Ekstak.DA.gen!Eldorado
Symantec: Trojan.Gen.MBT
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Ekstak.amtwo
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Ekstak.Rimw
Sophos: Mal/Generic-S
McAfee-GW-Edition: Artemis!Trojan
Jiangmin: Trojan.Ekstak.cbzt
Webroot: W32.Malware.Gen
Google: Detected
Avira: TR/AD.Nekark.ksxne
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Win32.Backdoor.Bodelph.CGFVUS
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C5236325
Malwarebytes: Trojan.Dropper
TrendMicro-HouseCall: TROJ_GEN.R002H0CIJ22
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Agent.SLC!tr
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Win32.Ekstak.amtwo?

Trojan.Win32.Ekstak.amtwo removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a "Standard scan".
  • Move all detected items to quarantine.
  • Open the "Tools" tab and click "Reset Browser Settings".
  • Select the browser and the options you want reset, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
