Trojan.Win32.Ekstak.axguh removal tips

The Trojan.Win32.Ekstak.axguh is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.Ekstak.axguh virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Transacted Hollowing
  • CAPE detected the embedded win api malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan.Win32.Ekstak.axguh?

File Info:

name: 55B169C603219BDFB89C.mlw
path: /opt/CAPEv2/storage/binaries/f7cdeab835807fe7f5c952484a3abdcbd147f71e6616d61a99099f137f1b4c37
timestamp: 2024-04-24 17:02:44

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: APAPLAY Setup
FileVersion:
LegalCopyright:
ProductName: APAPLAY
ProductVersion:
Translation: 0x0000 0x04b0

Trojan.Win32.Ekstak.axguh also known as:

  • Bkav: W32.AIDetectMalware
  • Elastic: malicious (high confidence)
  • Skyhigh: Artemis
  • McAfee: Artemis!55B169C60321
  • Malwarebytes: Adware.DownloadAssistant
  • Sangfor: Trojan.Win32.Agent.Vons
  • K7AntiVirus: Trojan ( 005722f11 )
  • K7GW: Trojan ( 005722f11 )
  • Paloalto: generic.ml
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
  • APEX: Malicious
  • TrendMicro-HouseCall: TROJ_GEN.R002H0ADO24
  • Avast: Other:Malware-gen [Trj]
  • Kaspersky: Trojan.Win32.Ekstak.axguh
  • Sophos: Mal/Generic-S
  • Google: Detected
  • F-Secure: Heuristic.HEUR/AGEN.1373347
  • Trapmine: suspicious.low.ml.score
  • Ikarus: Trojan.Win32.Crypt
  • Varist: W32/Agent.WDDZ-0678
  • Avira: HEUR/AGEN.1373347
  • ZoneAlarm: Trojan.Win32.Ekstak.axguh
  • Cynet: Malicious (score: 99)
  • SentinelOne: Static AI – Suspicious PE
  • Fortinet: W32/Agent.SLC!tr
  • AVG: Other:Malware-gen [Trj]
  • DeepInstinct: MALICIOUS

How to remove Trojan.Win32.Ekstak.axguh?

Trojan.Win32.Ekstak.axguh removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.