Trojan.Win32.Ekstak.auykp removal instruction

Trojan.Win32.Ekstak.auykp is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Ekstak.auykp virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Win32.Ekstak.auykp?


File Info:

name: 4925F17D8B90C6D4FCAF.mlw
path: /opt/CAPEv2/storage/binaries/c21a42e8b2a0438b098e265850bb090f562bada5edd557a537dfaeb34922a548
crc32: 32D0347A
md5: 4925f17d8b90c6d4fcafb38f6eeccff9
sha1: 67e9d25f5629494c3b0d66c2d8de222c7d98a0f3
sha256: c21a42e8b2a0438b098e265850bb090f562bada5edd557a537dfaeb34922a548
sha512: ef17f58f11ccc653c298ef2a70a63e16633cc884f7a9369efd951c93458d87b49e6543f8ffd78a4e941ad66724f4736cd7ac6ebfa6d627e92d35187e37b63c07
ssdeep: 196608:EEFy0x7lNgU6TZ1GoDCMAd5fZSe4Bv+kG+k5kjt8N:EEZ7lNLM2ojA2vI5kO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11F86334540E4CE30F0D8097CF2057A856C6FB39EBCB29F152BEB28D79B52172A45867E
sha3_384: 523f61c804fcdd2708dca6c6c7950d1e40aee2d2a2d243e535c08e8a2a81b7312b206dfe92ae31c834546ebf54663043
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 2024-01-11 19:36:57

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: TAR Archive JS library Setup
FileVersion:
LegalCopyright:
ProductName: TAR Archive JS library
ProductVersion:
Translation: 0x0000 0x04b0

Trojan.Win32.Ekstak.auykp also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
Skyhigh: BehavesLike.Win32.ObfuscatedPoly.rc
Cylance: unsafe
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
APEX: Malicious
Kaspersky: Trojan.Win32.Ekstak.auykp
Avast: FileRepMalware [Adw]
Sophos: Generic Reputation PUA (PUA)
Ikarus: Trojan-Dropper.Win32.Agent
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: Trojan.Win32.Ekstak.auykp
GData: Win32.Backdoor.Bodelph.6UJUS6
McAfee: Artemis!4925F17D8B90
TrendMicro-HouseCall: TROJ_GEN.R002H0DAB24
SentinelOne: Static AI – Suspicious PE
AVG: FileRepMalware [Adw]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Trojan.Win32.Ekstak.auykp?

Trojan.Win32.Ekstak.auykp removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
