Trojan.Win32.Ekstak.atqal (file analysis)

Trojan.Win32.Ekstak.atqal is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.atqal virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Created a service that was not started
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Win32.Ekstak.atqal?

File Info:

name: 7958B86FCAD1294AE047.mlw
path: /opt/CAPEv2/storage/binaries/f68803a19860bd70b7c58c74d97d3444456caafc2f56e2252469ec4dcf6767f0
crc32: 74DF7DBB
md5: 7958b86fcad1294ae0475d3457d34a6e
sha1: a26f20f284061325efd97a16aa4799be3d1b6349
sha256: f68803a19860bd70b7c58c74d97d3444456caafc2f56e2252469ec4dcf6767f0
sha512: 7b792fdc1068f4b9534a978d9fdf0903c946c150419b9b6818f9701f8c7d7fc0a735ca108bafb9676d967d02d5ba8c96fa3d83729d9f6fee6249390face4498e
ssdeep: 196608:xOAzAmGlxmPgCw/mbM7fvYRGCpfUP6Y4E7/KA4dD:DAsPx0fvEVUyI/K9dD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F276231E6290423FD050FAF3E5D386B56721EC59BE6A41C96734B50809BE283FF1D92E
sha3_384: fc7f147d475de72a509dfbd69c4b51c825b08da57ab4d49a1d2edc4da3559e6f210805e6239f8fe2aeaca70837081642
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 2023-12-25 13:25:49

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Standard Console DB Setup
FileVersion:
LegalCopyright:
ProductName: Standard Console DB
ProductVersion: 1.2.2.5
Translation: 0x0000 0x04b0

Trojan.Win32.Ekstak.atqal also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Ekstak.4!c
DrWeb: Trojan.Siggen22.52374
Skyhigh: BehavesLike.Win32.PUPInstaller.wc
Cylance: unsafe
Sangfor: Dropper.Win32.Agent.Vf32
CrowdStrike: win/malicious_confidence_60% (D)
Symantec: Trojan.Gen.MBT
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: Trojan.Win32.Ekstak.atqal
Avast: Win32:AdwareX-gen [Adw]
Tencent: Win32.Trojan.Ekstak.Ocnw
F-Secure: Trojan.TR/Drop.Agent.zvoac
Sophos: Mal/Generic-S
Ikarus: Trojan-Dropper.Win32.Agent
Avira: TR/Drop.Agent.zvoac
Kingsoft: Win32.Trojan.Ekstak.atqal
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: Trojan.Win32.Ekstak.atqal
GData: Win32.Trojan.Agent.HJNG2F
McAfee: Artemis!7958B86FCAD1
Malwarebytes: Generic.Malware/Suspicious
TrendMicro-HouseCall: TROJ_GEN.R002H0DLP23
Fortinet: W32/Agent.SLC!tr
AVG: Win32:AdwareX-gen [Adw]
DeepInstinct: MALICIOUS

How to remove Trojan.Win32.Ekstak.atqal?

Trojan.Win32.Ekstak.atqal removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.