Trojan.Win32.Ekstak.aplvu removal tips

Trojan.Win32.Ekstak.aplvu is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.aplvu virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Transacted Hollowing
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Win32.Ekstak.aplvu?

File Info:

name: E3F8338819745B86E846.mlw
path: /opt/CAPEv2/storage/binaries/ae91b6e7fccefcff3c1edee324748b226770619a0207a3bd9ba88eabae4bbd3a
crc32: 413C86FF
md5: e3f8338819745b86e846245299afbbde
sha1: 32e2c55bf2f2da027576cccc38425c307a91b417
sha256: ae91b6e7fccefcff3c1edee324748b226770619a0207a3bd9ba88eabae4bbd3a
sha512: 589d2ae130105edbc886ea0ad2da35f7c50433dd856ea6e7b0df0b40b167d85413ae826f585267cf701fed96eb04740697af17b591ef19f22bdd54f1d527313b
ssdeep: 196608:TXyuGxo7C3hjkXghdx8/rKN/vrwI3BheJOYMYGsr61naBMCA:TtuVkpONHZgOYCsrSEMl
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T171863343C2261C19D4206FFB0D95C16BCB3A6C974264D4E354F43B6F2AC4AF7329A9E6
sha3_384: 06b4f603ff09ebc78734dcc9713762ad65b91bcccb75663ec8d824a33ac9d682e6a06a41545a31650a24be6047b53f6f
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 2023-10-29 08:59:21

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: EtaLib Setup
FileVersion:
LegalCopyright:
ProductName: EtaLib
ProductVersion:
Translation: 0x0000 0x04b0

Trojan.Win32.Ekstak.aplvu also known as:

Vendor         Detection
Bkav           W32.AIDetectMalware
Elastic        malicious (high confidence)
Skyhigh        BehavesLike.Win32.ObfuscatedPoly.wc
CrowdStrike    win/malicious_confidence_60% (W)
ESET-NOD32     a variant of Win32/TrojanDropper.Agent.SLC
APEX           Malicious
Kaspersky      Trojan.Win32.Ekstak.aplvu
Sophos         Mal/Generic-S
SentinelOne    Static AI – Malicious PE
ZoneAlarm      Trojan.Win32.Ekstak.aplvu
Cylance        unsafe
Ikarus         Trojan-Dropper.Win32.Agent
Fortinet       W32/Agent.SLC!tr

How to remove Trojan.Win32.Ekstak.aplvu?

Trojan.Win32.Ekstak.aplvu removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.