
Trojan.Win32.Ekstak.apqqe malicious file


Trojan.Win32.Ekstak.apqqe is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to run a complete scan and clean your PC.
A 6-day free trial is available.

What can the Trojan.Win32.Ekstak.apqqe virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Transacted Hollowing
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Win32.Ekstak.apqqe?

File Info:

name: 88388F2E8F89F3FA4C2E.mlw
path: /opt/CAPEv2/storage/binaries/496dcf65c981e99a70f58de73685e91567f57f0615b1294cba5dff9c3a66ac1a
crc32: FC1523E6
md5: 88388f2e8f89f3fa4c2ef01792f085db
sha1: 49dbd34e528ac647fc4ac0fa0f5125c72cc17639
sha256: 496dcf65c981e99a70f58de73685e91567f57f0615b1294cba5dff9c3a66ac1a
sha512: fee726d72a4fdbf4e5ac6d488e6b5e729775f8f9b7d94bc9ee962851e6624b2007b416f0f9c45a1aad2a74518321f6c2027ba8af90fced716eb660543054d827
ssdeep: 196608:EUKfXWBZqYLGYARiaoYL2buULOGoMCMkuWFuZuBXQu:Ev6HLtNYLCjLOGorluuBp
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13286338B465F99F0DC2606F489AA406C47B3362079F8D8E9423A4C4F67BFD66DE60F44
sha3_384: 6e5fa71df9b33a849a66c04460f91cee5b3e4c54c92fe2da76b6345c1dce7525b5bec91acb8ae60013d1b72d8b83c508
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 2023-11-09 16:33:07

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Document viewer and editor
FileVersion:
LegalCopyright:
ProductName: Pop3Rebex
ProductVersion:
Translation: 0x0000 0x04b0

Trojan.Win32.Ekstak.apqqe is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
Skyhigh: Artemis!Trojan
McAfee: Artemis!88388F2E8F89
Malwarebytes: Adware.DownloadAssistant
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
APEX: Malicious
Kaspersky: Trojan.Win32.Ekstak.apqqe
F-Secure: Trojan.TR/Drop.Agent.fpvdr
DrWeb: Trojan.PWS.Stealer.29702
Trapmine: suspicious.low.ml.score
Ikarus: Win32.Outbreak
Avira: TR/Drop.Agent.fpvdr
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: Trojan.Win32.Ekstak.apqqe
Cynet: Malicious (score: 99)
TrendMicro-HouseCall: TROJ_GEN.R002H0DK923
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Agent.SLC!tr
AVG: Other:Malware-gen [Trj]
Avast: Other:Malware-gen [Trj]
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Trojan.Win32.Ekstak.apqqe?

Trojan.Win32.Ekstak.apqqe removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
