Trojan.Win32.Ekstak.aoquc removal instructions

Trojan.Win32.Ekstak.aoquc is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.Ekstak.aoquc virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Transacted Hollowing
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Win32.Ekstak.aoquc?


File Info:

name: DDF2CD57BC19184B1DFE.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2023-09-16 22:17:21

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName:
FileDescription: KRes Setup
FileVersion:
LegalCopyright:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.aoquc is also known as:

  • Elastic – malicious (high confidence)
  • McAfee – Artemis!DDF2CD57BC19
  • Cylance – unsafe
  • Sangfor – Trojan.Win32.Agent.Vlbz
  • Cyren – W32/Ekstak.HV.gen!Eldorado
  • Symantec – Trojan.Gen.MBT
  • ESET-NOD32 – a variant of Win32/TrojanDropper.Agent.SLC
  • APEX – Malicious
  • Kaspersky – Trojan.Win32.Ekstak.aoquc
  • Avast – Other:Malware-gen [Trj]
  • Tencent – Win32.Trojan.Ekstak.Rimw
  • McAfee-GW-Edition – BehavesLike.Win32.ObfuscatedPoly.wc
  • Sophos – Mal/Generic-S
  • Microsoft – Trojan:Win32/Wacatac.B!ml
  • ZoneAlarm – Trojan.Win32.Ekstak.aoquc
  • Google – Detected
  • AhnLab-V3 – Trojan/Win.DownloadAssistant.C5488804
  • Malwarebytes – Generic.Malware/Suspicious
  • Panda – Trj/Chgt.AD
  • TrendMicro-HouseCall – TROJ_GEN.R002H0DIG23
  • Ikarus – Trojan-Dropper.Win32.Agent
  • Fortinet – W32/Agent.SLC!tr
  • AVG – Other:Malware-gen [Trj]
  • DeepInstinct – MALICIOUS

How to remove Trojan.Win32.Ekstak.aoquc?

Trojan.Win32.Ekstak.aoquc removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
