Trojan.Win32.Ekstak.atfaq malicious file

Trojan.Win32.Ekstak.atfaq is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.atfaq virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Created a service that was not started
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Win32.Ekstak.atfaq?


File Info:

name: 8BCE3C3212A16296254F.mlw
path: /opt/CAPEv2/storage/binaries/9e6f2f16037d38ff97f324ac8dcdfbf78f7279b98ca9c6d5d5dd0138c1245796
crc32: 8338AB3C
md5: 8bce3c3212a16296254f2534f19cf3fb
sha1: cd619d8f84979a81750582eb061dd824a167b921
sha256: 9e6f2f16037d38ff97f324ac8dcdfbf78f7279b98ca9c6d5d5dd0138c1245796
sha512: 023cf86484a05e0fe9a119c5c9f8c660b87b453ca9ec5a50934c925fc9ebe215bc0fe2f31c8b1b19efb335f533b7713f7095f855f570b361b81a2d412dda6f60
ssdeep: 196608:2FxQRNZtOxi/K8K1d3bEEStbJb4+3U37NG74dD:2Fx4HOxp19buac2NG0dD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T138663305C214A7F7C44A4BF17C6D962423DA33734A39F89F2949499A77B3CADAC2434B
sha3_384: 2edca3fb502baa9aff8adcd82bda2c93fc713baab29de31bded24a8839c232d510d20859aa6b6299c76438132727a31c
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 2023-12-24 08:54:05

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: HTMLPumpVBLIB Setup
FileVersion:
LegalCopyright:
ProductName: HTMLPumpVBLIB
ProductVersion: 1.2.2.4
Translation: 0x0000 0x04b0

Trojan.Win32.Ekstak.atfaq also known as:

Bkav: W32.AIDetectMalware
Skyhigh: BehavesLike.Win32.ObfuscatedPoly.vc
Cylance: unsafe
Sangfor: Trojan.Win32.Agent.Vfeh
Symantec: Trojan.Gen.MBT
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
APEX: Malicious
Kaspersky: Trojan.Win32.Ekstak.atfaq
Avast: Other:Malware-gen [Trj]
DrWeb: Trojan.Siggen22.51076
Sophos: Mal/Generic-S
Ikarus: Trojan-Dropper.Win32.Agent
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm: Trojan.Win32.Ekstak.atfaq
GData: Win32.Trojan.Agent.BXY8JW
AhnLab-V3: Trojan/Win.Malware-gen.C5566623
McAfee: Artemis!8BCE3C3212A1
Malwarebytes: Generic.Malware/Suspicious
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R002H0CLO23
Fortinet: W32/Agent.SLC!tr
AVG: Other:Malware-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Win32.Ekstak.atfaq?

Trojan.Win32.Ekstak.atfaq removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
