Trojan.Win32.Ekstak.iwiu (file analysis)

Trojan.Win32.Ekstak.iwiu is Kaspersky's detection name for this sample; most other engines flag the same file as well, though under different names (see the detection list further down). While the infection is active you may notice unfamiliar processes in the Task Manager list. If you do, it is advised to scan the computer with an anti-malware product such as GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial version lets you run a complete scan and clean the PC. A 6-day free trial is available.

What does the Trojan.Win32.Ekstak.iwiu sample do?

The items below are automated sandbox observations for this particular sample (signature names as reported by the analysis environment), not a confirmed list of the malware's capabilities. Several of them (disk and BIOS queries, the Wine registry check, the delayed execution) are anti-analysis tricks rather than payload behaviour.

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Queries information on disks, possibly for anti-virtualization
  • Detects the presence of Wine emulator via registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
static.16.249.201.195.clients.your-server.de
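The three hostnames above are the only network indicators the page gives. A practitioner would want to sweep resolver or proxy logs for them, matching any subdomain of the two .xyz names but only the exact your-server.de hostname, since that one is a hosting provider's generic reverse-DNS style name and blocking all of clients.your-server.de would be far too broad. The following is an added example, not tooling from the original page; the log line format ("timestamp client query name") and the sample lines are constructed for the example and must be adapted to the real resolver format.

```python
"""Flag DNS lookups for the domains listed on this page.

Added example, not part of the original page. The log format parsed here
('timestamp client query name') is a constructed simplification; adapt
LINE_RE to your resolver's real output.
"""
import re

# Indicators copied from the page. The .xyz names are treated as
# attacker-controlled, so any subdomain of them matches. The your-server.de
# entry is a provider reverse-DNS style hostname and is matched only exactly.
SUSPICIOUS_PARENTS = {"whorecord.xyz", "tomx.xyz"}
SUSPICIOUS_EXACT = {"static.16.249.201.195.clients.your-server.de"}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)$")


def is_suspicious(qname: str) -> bool:
    """True if the queried name is one of the page's indicators or a subdomain of a .xyz one."""
    name = qname.rstrip(".").lower()   # normalise trailing dot and case
    if name in SUSPICIOUS_EXACT:
        return True
    return any(name == p or name.endswith("." + p) for p in SUSPICIOUS_PARENTS)


def scan_log(lines):
    """Return (timestamp, client, normalised_qname) for every matching line.

    Lines that do not fit the expected format are skipped rather than
    raising, so a partially corrupted log still yields its hits.
    """
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        if is_suspicious(m["qname"]):
            hits.append((m["ts"], m["client"], m["qname"].rstrip(".").lower()))
    return hits


# Constructed sample log for the example (not real traffic).
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.0.5 query www.example.com.",
    "2024-01-01T10:00:01Z 10.0.0.5 query z.whorecord.xyz.",
    "2024-01-01T10:00:02Z 10.0.0.7 query A.TOMX.XYZ",
    "2024-01-01T10:00:03Z 10.0.0.7 query notwhorecord.xyz.",
    "2024-01-01T10:00:04Z 10.0.0.9 query static.16.249.201.195.clients.your-server.de",
    "garbage line",
]

if __name__ == "__main__":
    for ts, client, qname in scan_log(SAMPLE_LOG):
        print(f"{ts} {client} -> {qname}")
```

Note the "notwhorecord.xyz" line: a naive substring match would flag it, which is why the check compares the label boundary (exact name or ".parent" suffix) rather than searching for the string anywhere.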

How to identify Trojan.Win32.Ekstak.iwiu?

File Info:

crc32: 2D758986
md5: 8523477fd06a1960cfa27aec08e16f88
name: 8523477FD06A1960CFA27AEC08E16F88.mlw
sha1: e57b7847c58584902569d95f676b988323206e77
sha256: 23aba337a83ccf346653c0423b94304a4519af4a2e264d27ffac88a28a4c9a4e
sha512: a2a320c9bf557dbab1ac056178c976cab604d2029db187c0b16d839646f3ee6f023b3e1f722535f377367bc1e9102a6eefc7517bc4e49edd4970660389b13002
ssdeep: 24576:/CifgLVjxiSsUKXH5gAudpOFKOLu5bVR92m7XulpP:qIgxjiXZgNdpO5uRgC+lR
type: PE32 executable (GUI) Intel 80386, for MS Windows
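The digests above (and the .mlw file name, which is simply the MD5 in upper case) are the reliable way to tell whether a file on disk is this exact sample, since the detection names vary by engine. Below is an added example, not the page's own tooling, that computes the same set of digests for a file and compares them with the indicators copied from this page. ssdeep is left out because it needs a third-party library; everything else is standard library only.

```python
"""Hash a file and compare it with the digests listed on this page.

Added example, not part of the original page. Streams the file so large
samples do not have to fit in memory. ssdeep is omitted (third-party library).
"""
import hashlib
import zlib

# Digests copied from the page's File Info block, normalised to lower-case hex.
KNOWN_IOCS = {
    "crc32": "2d758986",
    "md5": "8523477fd06a1960cfa27aec08e16f88",
    "sha1": "e57b7847c58584902569d95f676b988323206e77",
    "sha256": "23aba337a83ccf346653c0423b94304a4519af4a2e264d27ffac88a28a4c9a4e",
    "sha512": ("a2a320c9bf557dbab1ac056178c976cab604d2029db187c0b16d839646f3ee6f"
               "023b3e1f722535f377367bc1e9102a6eefc7517bc4e49edd4970660389b13002"),
}


def hash_bytes(data: bytes) -> dict:
    """Return the same digest set the page lists, as lower-case hex strings."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests as hash_bytes, but read the file in chunks."""
    crc = 0
    hashers = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)
            for h in hashers.values():
                h.update(chunk)
    out = {n: h.hexdigest() for n, h in hashers.items()}
    out["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    return out


def match_iocs(digests: dict, iocs: dict = KNOWN_IOCS) -> list:
    """Return the names of the digests that match an indicator, strongest first.

    A crc32 or md5 hit on its own is weak evidence (both are cheap to collide);
    a sha256 or sha512 hit is what you act on.
    """
    order = ("sha512", "sha256", "sha1", "md5", "crc32")
    return [n for n in order if n in digests and digests[n].lower() == iocs.get(n)]


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        d = hash_file(path)
        hits = match_iocs(d)
        print(f"{path}: sha256={d['sha256']} match={hits or 'none'}")
```

Run it as `python hashcheck.py suspect.exe` (script name assumed); a full five-way match means the file is byte-for-byte this sample, while a repacked or re-bundled variant will not match any of them and has to be identified by behaviour or by the version resource instead.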

Version Info:

InternalName: BMRepair.exe
FileVersion: 3.2.1114.58
Comments: Framework 3.45 installer
ProductName: Framework 3.45 Setup
ProductVersion: 3.2.1114.58
FileDescription: Framework 3.45 Setup
OriginalFilename: BMRepair.exe
Translation: 0x0409 0x04b0

Trojan.Win32.Ekstak.iwiu also known as:

Note that the engines disagree about what the file is. Kaspersky, Dr.Web, ESET and others label it a trojan (Ekstak, InstallCube, Kryptik), while BitDefender, Symantec, Avast, Malwarebytes and others classify it as the InstallCube / ICLoader installer bundler, a PUA or adware category, which is consistent with the "Framework 3.45 Setup" version resource shown above. Fortinet's CoinMiner label is not corroborated by any other engine in the list.

Vendor: detection name
Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 0053c4e01 )
Lionic: Trojan.Win32.Ekstak.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.InstallCube.3673
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Ekstak.S3560696
ALYac: Application.Bundler.ICLoader.5.Gen
Cylance: Unsafe
Zillya: Trojan.Ekstak.Win32.9448
Alibaba: Trojan:Win32/Ekstak.ee036d52
K7GW: Trojan ( 0053c4e01 )
Cybereason: malicious.fd06a1
Cyren: W32/InstallCube.H.gen!Eldorado
Symantec: PUA.ICLoader
ESET-NOD32: a variant of Win32/Kryptik.GKOJ
APEX: Malicious
Avast: Win32:ICLoader-X [Adw]
Kaspersky: Trojan.Win32.Ekstak.iwiu
BitDefender: Application.Bundler.ICLoader.5.Gen
NANO-Antivirus: Trojan.Win32.Ekstak.fhmhot
MicroWorld-eScan: Application.Bundler.ICLoader.5.Gen
Tencent: Malware.Win32.Gencirc.10cc535f
Ad-Aware: Application.Bundler.ICLoader.5.Gen
Sophos: Mal/Generic-S
Comodo: Application.Win32.ICLoader.GS@84429a
BitDefenderTheta: Gen:NN.ZexaF.34294.Nr0@auzcAAki
McAfee-GW-Edition: BehavesLike.Win32.Generic.th
FireEye: Generic.mg.8523477fd06a1960
Emsisoft: Application.Bundler.ICLoader.5.Gen (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Ekstak.rjr
Avira: TR/ICLoader.Gen8
eGambit: Unsafe.AI_Score_100%
Antiy-AVL: Trojan/Generic.ASBOL.C526
Microsoft: Trojan:Win32/Skeeyah.A!rfn
Arcabit: Application.Bundler.ICLoader.5.Gen
GData: Application.Bundler.ICLoader.5.Gen
TACHYON: Trojan/W64.Ekstak.1695744
AhnLab-V3: Adware/Win.NJK.R423367
Acronis: suspicious
McAfee: GenericR-NJK!8523477FD06A
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Fuerboos
Malwarebytes: Adware.ICLoader.Generic
Panda: Trj/Genetic.gen
Rising: Trojan.Kryptik!1.AA23 (CLASSIC)
Yandex: Trojan.GenAsa!jmhP7CqMxeY
Ikarus: PUA.ICLoader
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.GYQC!tr
AVG: Win32:ICLoader-X [Adw]
Paloalto: generic.ml

How to remove Trojan.Win32.Ekstak.iwiu?

Trojan.Win32.Ekstak.iwiu removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options, then click “Reset”.
  • Restart your computer.

Because the sandbox run shows the sample attempting to modify proxy settings, confirm after cleanup that the system proxy has not been left pointing at an unexpected host: check Internet Options > Connections > LAN settings, or the ProxyEnable, ProxyServer and AutoConfigURL values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings. If anything there was changed, restore it and verify the change survives a reboot.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
