About “Trojan.Win32.Ekstak.apkdp” infection

Trojan.Win32.Ekstak.apkdp is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.apkdp virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Transacted Hollowing
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Win32.Ekstak.apkdp?

File Info:

name: 79BF93C204134611ACA9.mlw
path: /opt/CAPEv2/storage/binaries/944737468351ce3c03f43a9f41213416d7524565f962a3ff229b192acc21d05e
crc32: B849C116
md5: 79bf93c204134611aca93f9af8029864
sha1: 55b320339f503d38937138d1ab30267e36d65f28
sha256: 944737468351ce3c03f43a9f41213416d7524565f962a3ff229b192acc21d05e
sha512: a24f94c12923cc56787e888d263d59705d92fb16304f30bc8ea1a1b97198612f7f52c194214f8981021358063e24b699d171b3254961ace8756dfe2d6290f250
ssdeep: 98304:BqpvA3T7k/YQB5EAW4N5hX4cVVeKHp1DtzfmhPHAXdZLdRW/6tFMTxxTHpB4/JfB:kpv0Xkw4SAHFX4cV0XPH4ZiSLoxHTOfB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1787633698850E8AFD3E101F451F1FF2DC9B57F516C7E0682AA963CBFAA38F8D5A00550
sha3_384: 3a95e29ae22da474e66f61162dc9431427108b895fa58800ea603323e3ef895d70e0ef48ab3bb39f8f320eb4c8d262c5
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 2023-10-25 21:55:15

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: DAC Codec Setup
FileVersion:
LegalCopyright:
ProductName: DAC Codec
ProductVersion:
Translation: 0x0000 0x04b0

Trojan.Win32.Ekstak.apkdp also known as:

Elastic: malicious (high confidence)
Skyhigh: BehavesLike.Win32.ObfuscatedPoly.vc
Cylance: unsafe
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
APEX: Malicious
Kaspersky: Trojan.Win32.Ekstak.apkdp
Trapmine: suspicious.low.ml.score
Sophos: Generic Reputation PUA (PUA)
Ikarus: Trojan-Dropper.Win32.Agent
Google: Detected
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: Trojan.Win32.Ekstak.apkdp
AhnLab-V3: Trojan/Win.Malware-gen.C5531862
McAfee: Artemis!79BF93C20413
Malwarebytes: Adware.DownloadAssistant
TrendMicro-HouseCall: TROJ_GEN.R002H0DJP23
SentinelOne: Static AI – Suspicious PE
AVG: Other:Malware-gen [Trj]
Avast: Other:Malware-gen [Trj]
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Trojan.Win32.Ekstak.apkdp?

Trojan.Win32.Ekstak.apkdp removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.