About “Trojan.Win32.Ekstak.auinj” infection

The Trojan.Win32.Ekstak.auinj is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.auinj virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Created a service that was not started
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Win32.Ekstak.auinj?

File Info:

name: B23A1AD59DA3BF4C781E.mlw
path: /opt/CAPEv2/storage/binaries/89ecfd1bb19b93332484cc47e2320b8e3c66f929492cb0101a76347085bb2f10
crc32: AF923173
md5: b23a1ad59da3bf4c781e7a2299dea182
sha1: bb108eec8f31c71b45b5f99fae592b22eb543b65
sha256: 89ecfd1bb19b93332484cc47e2320b8e3c66f929492cb0101a76347085bb2f10
sha512: 0b806e3d824eedb2ce994b979289cd03b77c43c02e7db26ad2f68745012d65fa74ea8aebb68eb38057e466f7eec394638d7e7742b6858dca06b95a9c94235c0e
ssdeep: 98304:IoGeDkWd85m8O2c+BteAf+v2ROFDnbV55Mk6E7o89TowaKgZD24dm8:HGeDt8m8CwcEZMr55VkgEz24dD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T188563363F7864EF3C395ED35B984DA9A4D4A7E1E1272E8486D7B0FCB8B313A08156131
sha3_384: 1700c405a4f0c4db750c51d1e1bc1c9b2a7d251a1c7b2f462b01edb8c793bb88d66bd4a95762358ea1f68e7d49b2b188
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 2023-12-27 13:22:49

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: ZPointLIB Setup
FileVersion:
LegalCopyright:
ProductName: ZPointLIB
ProductVersion: 1.2.2.7
Translation: 0x0000 0x04b0

Trojan.Win32.Ekstak.auinj also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Ekstak.4!c
Elastic: malicious (high confidence)
Skyhigh: BehavesLike.Win32.PUPInstaller.vc
Cylance: unsafe
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
Cynet: Malicious (score: 99)
APEX: Malicious
ClamAV: Win.Malware.Generic-10017587-0
Kaspersky: Trojan.Win32.Ekstak.auinj
Avast: Win32:AdwareX-gen [Adw]
Tencent: Win32.Trojan.Ekstak.Najl
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Drop.Agent.shrvi
DrWeb: Trojan.Siggen22.55029
Ikarus: Trojan-Dropper.Win32.Agent
Avira: TR/Drop.Agent.shrvi
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: Trojan.Win32.Ekstak.auinj
GData: Win32.Trojan.Agent.ITWU0H
McAfee: Artemis!B23A1AD59DA3
Malwarebytes: Generic.Malware/Suspicious
Fortinet: W32/Agent.SLC!tr
AVG: Win32:AdwareX-gen [Adw]
DeepInstinct: MALICIOUS

How to remove Trojan.Win32.Ekstak.auinj?

Trojan.Win32.Ekstak.auinj removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.