
Trojan.Win32.Ekstak.aofap removal guide


Trojan.Win32.Ekstak.aofap is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.aofap virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Win32.Ekstak.aofap?


File Info:

name: 90CD74ACEEEB3BE9F7F1.mlw
path: /opt/CAPEv2/storage/binaries/38a1e9dbb7ba2ccd7372083bbcefaae8d7df9a45676ce403bb42b1afc5b7d054
crc32: BAFABF67
md5: 90cd74aceeeb3be9f7f1ac6e09dbf140
sha1: fa8b0632df743f51db192c677ea4f5654edefaf7
sha256: 38a1e9dbb7ba2ccd7372083bbcefaae8d7df9a45676ce403bb42b1afc5b7d054
sha512: b407ef6dfcaa6548990a11e2b35c783e0ed3ea723472a0cb96efccbe7be54f8f8441a625d0f69a24df081075bc733bed315aff5624ae009a8c4dbc3416444d6b
ssdeep: 98304:giCMqMysIRJit1QIMA9LieboPK2hujB8f8Ypo:5CM6sMS1qveboiY8V
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14306337267E4C4B0C4928E722EB8A393EC13771739341A573B271D5F5BD32C54AAA227
sha3_384: bd6fd3e8be7743f32833cdb7e3fc8f27e03ce7ec140896349508ea4ddb5a43f37bf4c04e0b830765281dd3dc6f5cd99e
ep_bytes: 558bec83c4d453565733c08945f08945
timestamp: 2023-08-12 11:03:10

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName:
FileDescription: Inno Setup Setup
FileVersion:
InternalName:
OriginalFilename:
ProductName:
ProductVersion:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.aofap also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
APEX: Malicious
Kaspersky: Trojan.Win32.Ekstak.aofap
Avast: Other:Malware-gen [Trj]
McAfee-GW-Edition: Artemis
Sophos: Mal/Generic-S
SentinelOne: Static AI – Suspicious PE
ZoneAlarm: Trojan.Win32.Ekstak.aofap
Microsoft: Trojan:Win32/Wacatac.B!ml
McAfee: Artemis!90CD74ACEEEB
Malwarebytes: Agent.Trojan.Dropper.DDS
Fortinet: W32/Agent.SLC!tr
AVG: Other:Malware-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Trojan.Win32.Ekstak.aofap?

Trojan.Win32.Ekstak.aofap removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
