Trojan.Win32.Ekstak.anuph information

Trojan.Win32.Ekstak.anuph is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to run a complete scan and clean your PC.
A 6-day free trial is available.

What can the Trojan.Win32.Ekstak.anuph virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Win32.Ekstak.anuph?

File Info:

name: 2CD402CDEE537F67EFE7.mlw
path: /opt/CAPEv2/storage/binaries/6c688e65ef43425286851782e488b45d0df7f01b6b2b152d773a8daf0052b13c
crc32: FFFA3300
md5: 2cd402cdee537f67efe73f6d615354b4
sha1: 6f0788911ebc8a15c98320d2189931c89ae5ffa2
sha256: 6c688e65ef43425286851782e488b45d0df7f01b6b2b152d773a8daf0052b13c
sha512: 0e385157ae8dafaec07b7216726a8fa37d07ed9dd54cd4cb78b2f300d7cff40368fecf702af95ff0547ec9e2ba2e78255246ddab339f41328d7cab7ef8b0873f
ssdeep: 98304:kizmftYVfzp6XbE00a6X0qq2ONuwI9Dipm9N5Ao5c:lKfazp6Xr03dO09DiM9zN5c
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F81633CA8854C93BC8EE87B41E63B5865C3F1A226C2E721D7E4BD17C6B351405DC86BB
sha3_384: e733ea5c583ffff229712b145115ff0739187be820f7d6d304f0f787ce20437bb675dcce1a6277983afde1cf648a3826
ep_bytes: 558bec83c4d453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName: Elmsman, Inc.
FileDescription: Frigate515 Setup
FileVersion:
InternalName:
OriginalFilename:
ProductName:
ProductVersion:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.anuph also known as:

  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Cerbu.176915
  • FireEye: Gen:Variant.Cerbu.176915
  • McAfee: Artemis!2CD402CDEE53
  • Malwarebytes: Malware.AI.4228817547
  • Sangfor: Trojan.Win32.Agent.V5pr
  • Symantec: Trojan.Gen.2
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
  • ClamAV: Win.Malware.Ekstak-9968247-0
  • Kaspersky: Trojan.Win32.Ekstak.anuph
  • Avast: Win32:Malware-gen
  • F-Secure: Trojan.TR/AD.Nekark.bdgjh
  • McAfee-GW-Edition: Artemis
  • Avira: TR/AD.Nekark.bdgjh
  • ZoneAlarm: Trojan.Win32.Ekstak.anuph
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • Cynet: Malicious (score: 99)
  • MAX: malware (ai score=83)
  • Cylance: unsafe
  • TrendMicro-HouseCall: TROJ_GEN.R002H0DEF23
  • Fortinet: W32/Agent.SLC!tr
  • AVG: Win32:Malware-gen
  • DeepInstinct: MALICIOUS

How to remove Trojan.Win32.Ekstak.anuph?

Trojan.Win32.Ekstak.anuph removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.