About “Trojan.Win32.Ekstak.amytb” infection

Trojan.Win32.Ekstak.amytb is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.amytb virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing

How to identify Trojan.Win32.Ekstak.amytb?

File Info:

name: E82175458BD334E81587.mlw
path: /opt/CAPEv2/storage/binaries/c1d7fda9f4be9fd0e09ea6199f53720733ece65c1aec845e5e8eb981c0a9eaed
crc32: F4511C37
md5: e82175458bd334e815874ee3b3c1f436
sha1: 0bfab729d1392f5c70f1c7c89d1ff86100877b03
sha256: c1d7fda9f4be9fd0e09ea6199f53720733ece65c1aec845e5e8eb981c0a9eaed
sha512: 39c88ea934572c14d469b271613470b76dd36ff3719ff633dde668d7a6df8d5cef9659b3862d22e6e695c576ff6a7d0528ce8fa90fa8845a1f3fece99b22c7df
ssdeep: 196608:u+8orMiqmxzbDDBY0MFM9Q1fBb7orKBLJOO:v8owopRY5fWKB1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14776337C6CFE20F7F996B5B2C601A989197B7C512D7470222E8B065978FB081F09FB61
sha3_384: db3fdf23cc2d73c727c236915cd69b8ed9b63ddea0f7b471866b9bb912fa77a1e6d300731393943823e617a8bad81d2e
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: doDisk Defrag Setup
FileVersion:
LegalCopyright:
ProductName: doDisk Defrag
ProductVersion:
Translation: 0x0000 0x04b0

Trojan.Win32.Ekstak.amytb is also known as (vendor: detection name):

  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Agent.V7pb
  • Alibaba: TrojanDropper:Win32/Ekstak.8f193a16
  • Symantec: Trojan.Gen.2
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
  • TrendMicro-HouseCall: TROJ_GEN.R002H0DJT22
  • Paloalto: generic.ml
  • Kaspersky: Trojan.Win32.Ekstak.amytb
  • Avast: Win32:Trojan-gen
  • Sophos: Mal/Generic-S (PUA)
  • McAfee-GW-Edition: Artemis!Trojan
  • APEX: Malicious
  • GData: Win32.Backdoor.Bodelph.H83XGJ
  • Jiangmin: Trojan.Ekstak.cctb
  • Kingsoft: Win32.Troj.Undef.(kcloud)
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • AhnLab-V3: Trojan/Win.Ekstak.C5288507
  • McAfee: Artemis!E82175458BD3
  • Fortinet: W32/Agent.SLC!tr.dldr
  • AVG: Win32:Trojan-gen

How to remove Trojan.Win32.Ekstak.amytb?

Trojan.Win32.Ekstak.amytb removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.