About “Trojan.Win32.Ekstak.aocvx” infection

Trojan.Win32.Ekstak.aocvx is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.Ekstak.aocvx virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Win32.Ekstak.aocvx?

File Info:

name: D705C71E448558577149.mlw
path: /opt/CAPEv2/storage/binaries/45170fcbe586e9250acdb0e6be893c3ac7cc97a7021e9d330a529a2c7fe07e02
crc32: A7CBCAE8
md5: d705c71e44855857714940a3595e8f64
sha1: 652a978d8c40a9a286c1d981cc779625d22cfa25
sha256: 45170fcbe586e9250acdb0e6be893c3ac7cc97a7021e9d330a529a2c7fe07e02
sha512: 9ed4a811f444ab0044ec08f09ecd0aff9fb463809e129f00db1f06ab374f8384a821241cd3e2a11062bce057ca5772b0304fa94d0a7a355386564fd12877be8e
ssdeep: 196608:fWsB6i7uCg14DuIbk+iWz/vGWpjvRt4I9cRs9jwWy91suj:fbB6LCgJIbV/71v/N9c4jwWy9F
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A98633708754A830D0B3B2B55C4A811C7AA96D5F78EAEC3FB5F8488CDF2B151847BB91
sha3_384: 6c416819d9de574e1b72a3d0ab8bf76d9a74e9ab9117bc3378bc15e9f639a15a520d244e6d2236e6777fd2bdfce01f48
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 2023-08-03 20:55:47

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Ashc Burning Studio Setup
FileVersion:
LegalCopyright:
ProductName: Ashc Burning Studio
ProductVersion:
Translation: 0x0000 0x04b0

Trojan.Win32.Ekstak.aocvx is also known as (vendor: detection name):

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Convagent.4!c
  • Elastic: malicious (high confidence)
  • McAfee: Artemis!D705C71E4485
  • Malwarebytes: Adware.DownloadAssistant
  • K7AntiVirus: Trojan ( 005722f11 )
  • Alibaba: TrojanDropper:Win32/Ekstak.1aecf1a9
  • K7GW: Trojan ( 005722f11 )
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
  • APEX: Malicious
  • Kaspersky: Trojan.Win32.Ekstak.aocvx
  • Avast: Other:Malware-gen [Trj]
  • Tencent: Win32.Trojan.Ekstak.Zmhl
  • Sophos: Mal/Generic-S
  • McAfee-GW-Edition: BehavesLike.Win32.ObfuscatedPoly.wc
  • Jiangmin: Trojan.Ekstak.chwf
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • ZoneAlarm: Trojan.Win32.Ekstak.aocvx
  • AhnLab-V3: Trojan/Win.Generic.R597933
  • TrendMicro-HouseCall: TROJ_GEN.R002H0DH323
  • Ikarus: Trojan-Dropper.Win32.Agent
  • Fortinet: W32/Agent.SLC!tr
  • AVG: Other:Malware-gen [Trj]
  • CrowdStrike: win/malicious_confidence_60% (W)

How to remove Trojan.Win32.Ekstak.aocvx?

Trojan.Win32.Ekstak.aocvx removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.