Trojan.Win32.Ekstak.atwzz malicious file

Malware Removal

Trojan.Win32.Ekstak.atwzz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.Ekstak.atwzz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Created a service that was not started
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Win32.Ekstak.atwzz?

File Info:

name: 4AB566AE536000DB2909.mlw
path: /opt/CAPEv2/storage/binaries/bad1383920ff9cb9cd11fab6ff61fa61d75cf700d93993e511eec27d31c0da38
crc32: 0783CD93
md5: 4ab566ae536000db2909241fae950e35
sha1: 79031a94d3bc4ba7515e4d5b00cfd9b70afffd49
sha256: bad1383920ff9cb9cd11fab6ff61fa61d75cf700d93993e511eec27d31c0da38
sha512: 4bb9fd221ed66e19f9a9e791b9ad61c47f0d4d0ce75ae7356c83a37ca85f52a3e8a6c04815e11784271a367d2087d0843e84d8678780ed407c61949955f6af7d
ssdeep: 98304:69mVfqyZx99UCh4y+k2322BiAM5h9QgvVZfiJGAbxp/WPcJQi94dm8:WmVfqk2uL92faVVZ8Gq/MO4dD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11A6633507B495576C0407DF12E299156273BDEF48EF13272B8CDAE9C6B330B01A983BA
sha3_384: 77f3a42864cab493d658aca6cbe7dff44d877dc22fbeec5e928472784058574555948bfa6e974a9fe124be781a447266
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 2023-12-26 07:09:50

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: QtTextTable Setup
FileVersion:
LegalCopyright:
ProductName: QtTextTable
ProductVersion: 1.2.2.6
Translation: 0x0000 0x04b0

Trojan.Win32.Ekstak.atwzz is also known as (vendor: detection name):

Skyhigh: BehavesLike.Win32.PUPInstaller.vc
McAfee: Artemis!4AB566AE5360
Cylance: unsafe
Sangfor: Trojan.Win32.Agent.Vk6a
Symantec: Trojan.Gen.MBT
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
Cynet: Malicious (score: 99)
APEX: Malicious
Kaspersky: Trojan.Win32.Ekstak.atwzz
Avast: Win32:Evo-gen [Trj]
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Drop.Agent.hwwyf
DrWeb: Trojan.Siggen22.53296
Ikarus: Win32.Outbreak
Varist: W32/Agent.YHVV-1892
Avira: TR/Drop.Agent.hwwyf
Kingsoft: Win32.Trojan.Ekstak.atwzz
Microsoft: Trojan:Win32/Sabsik.FL.A!ml
ZoneAlarm: Trojan.Win32.Ekstak.atwzz
GData: Win32.Trojan.Agent.GHB91D
Google: Detected
TrendMicro-HouseCall: TROJ_GEN.R002H0CLQ23
Fortinet: W32/Agent.SLC!tr
AVG: Win32:Evo-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Trojan.Win32.Ekstak.atwzz?

Trojan.Win32.Ekstak.atwzz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
