Trojan

Should I remove “Trojan.Win32.Ekstak.amvyy”?

Malware Removal

Trojan.Win32.Ekstak.amvyy is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.amvyy virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing

How to identify Trojan.Win32.Ekstak.amvyy?

File Info:

name: A41019A4D245A331BF82.mlw
path: /opt/CAPEv2/storage/binaries/1e68cb00c91ef765569f4868999520a3eda08a6d247a4c7a8b1521ef025bc3b6
crc32: F3C79FA2
md5: a41019a4d245a331bf822cbfb4211279
sha1: f1dfe828f3223c9efcf2e5c5c764242f2cc26d7d
sha256: 1e68cb00c91ef765569f4868999520a3eda08a6d247a4c7a8b1521ef025bc3b6
sha512: 3d83cc700d9128525d98e045ee3d3e7c29c74425191ef4706595748e79efa494316e86f8985d46a2b5043214867d18199e067f4f092fcb676e92ea4710b6d479
ssdeep: 196608:hBUhiqSWzE9p3R0d7to88bA5mWAsQVOIZYRLaATN5A:hBBqSYEH3RWxpQVOhS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1958633CDA88EE6E9D0BE5F350D6447CDBBC53684AE3698F52E81089FDE079932425307
sha3_384: 9cf3e53048e1906f362c0cd689f7d318f3bf7925caca9126ce0a1c7d198f83e724231cd9b04dbc36112f0b764fc42d3c
ep_bytes: 558bec83c4d453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName: Arej Relanj
FileDescription: Universal Extractor Setup
FileVersion:
InternalName:
OriginalFilename:
ProductName:
ProductVersion:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.amvyy also known as:

Lionic: Trojan.Win32.Convagent.4!c
Cylance: Unsafe
Sangfor: Trojan.Win32.Agent.Vpf8
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
Paloalto: generic.ml
ClamAV: Win.Malware.Ekstak-9968247-0
Kaspersky: Trojan.Win32.Ekstak.amvyy
Avast: FileRepMalware [Adw]
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
GData: Win32.Backdoor.Bodelph.4S6QPH
Jiangmin: Trojan.Ekstak.cbqn
ZoneAlarm: UDS:DangerousObject.Multi.Generic
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
McAfee: Artemis!A41019A4D245
Malwarebytes: Malware.AI.1889248393
TrendMicro-HouseCall: TROJ_GEN.R002H0DJ322
Fortinet: W32/Agent.SLC!tr
AVG: FileRepMalware [Adw]

How to remove Trojan.Win32.Ekstak.amvyy?

Trojan.Win32.Ekstak.amvyy removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.