
Trojan.Win32.Ekstak.iwza removal instructions


Trojan.Win32.Ekstak.iwza is the Kaspersky name for a sample that most antivirus vendors also flag as malicious (see the detection list below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and can damage your system in the process. We recommend using GridinSoft Anti-Malware for removal; it lets you run a full scan and clean the PC during the trial period.
A 6-day free trial is available.

What can Trojan.Win32.Ekstak.iwza do?

The following behaviours were recorded when the sample was executed in an automated sandbox. Several of them (anti-virtualization, analysis delay, Wine and BIOS checks) are evasion techniques, so a short run in a sandbox may not show the full payload:

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Queries information on disks, possibly for anti-virtualization
  • Detects the presence of Wine emulator via registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

static.16.249.201.195.clients.your-server.de

This is a Hetzner reverse-DNS name; Hetzner lists the octets in reverse order, so it corresponds to the address 195.201.249.16. The sandbox reported the connection as reaching a dead IP:Port, so the host may no longer answer, but the name and address are still worth searching for in DNS, proxy and firewall logs.

How to identify Trojan.Win32.Ekstak.iwza?

File Info:

crc32: 08DE58A2
md5: 64a54b2c63528a3f253d950c6c1f048e
name: 64A54B2C63528A3F253D950C6C1F048E.mlw
sha1: 9138967595db427f56e3f15dbd0760ccdafe3aec
sha256: 203785349cf7003cad30caa8d35d3965aa2589a40eee9a39fe859866e5641ba0
sha512: cb86c300ba50bfe393e75aed3a033f98d5e41db6f50c74d9ff40e6ae1da10a68ea426d0c629722d03241892c838f98ea68cec57990f35c9c3b849206ac86bb97
ssdeep: 49152:YRMALVPB6qt8QohCwCzyMlRVQZUxZGoEdb:YRVRPJghCn+MfuoEdb
type: PE32 executable (GUI) Intel 80386, for MS Windows
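To check whether this exact sample is present on a machine, compare the hashes of suspicious files against the values listed above rather than relying on the file name, which the dropper can change. The script below is an added example written for this page, not GridinSoft's tooling: it hashes every file under a directory in one pass (crc32, md5, sha1, sha256), reports any match against the page's indicators, and searches log lines for the related host. The hash values and hostname are copied from this page; the address 195.201.249.16 is the editor's reading of the Hetzner reverse-DNS name and is an assumption; the log lines at the bottom are constructed sample input.

```python
"""
Offline IOC check for the Trojan.Win32.Ekstak.iwza sample (added example,
not GridinSoft's code). File hashes and hostname are taken from the page;
the IP is an assumption derived by reversing the octets of the rDNS name.
"""
import hashlib
import os
import zlib
from pathlib import Path

# Indicators copied from the File Info / Related domains sections.
FILE_IOCS = {
    "crc32": "08de58a2",
    "md5": "64a54b2c63528a3f253d950c6c1f048e",
    "sha1": "9138967595db427f56e3f15dbd0760ccdafe3aec",
    "sha256": "203785349cf7003cad30caa8d35d3965aa2589a40eee9a39fe859866e5641ba0",
}
NETWORK_IOCS = {
    "static.16.249.201.195.clients.your-server.de",
    "195.201.249.16",  # assumption: derived from the Hetzner rDNS name above
}


def hash_file(path, chunk=1 << 20):
    """Return lowercase crc32/md5/sha1/sha256 for a file, read in one pass."""
    crc = 0
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            crc = zlib.crc32(block, crc)
            md5.update(block)
            sha1.update(block)
            sha256.update(block)
    return {
        "crc32": f"{crc & 0xFFFFFFFF:08x}",
        "md5": md5.hexdigest(),
        "sha1": sha1.hexdigest(),
        "sha256": sha256.hexdigest(),
    }


def match_file(path, iocs=FILE_IOCS):
    """Names of the hash algorithms whose digest equals the indicator value."""
    digests = hash_file(path)
    return sorted(k for k, v in iocs.items() if digests.get(k) == v.lower())


def scan_tree(root, iocs=FILE_IOCS):
    """Walk a directory tree and return (path, matched_algorithms) for hits.
    Files that cannot be read (locked by a running process, access denied)
    are skipped rather than aborting the whole scan."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                matched = match_file(p, iocs)
            except OSError:
                continue
            if matched:
                hits.append((str(p), matched))
    return hits


def scan_log(lines, iocs=NETWORK_IOCS):
    """Return the log lines that mention the sample's contact host or address."""
    return [ln for ln in lines if any(i in ln for i in iocs)]


# Constructed sample log: three DNS/proxy style lines, two of which hit an IOC.
SAMPLE_LOG = [
    "2024-01-01 10:00:01 QUERY client=10.0.0.5 name=update.example.org",
    "2024-01-01 10:00:02 QUERY client=10.0.0.5 name=static.16.249.201.195.clients.your-server.de",
    "2024-01-01 10:00:03 CONNECT client=10.0.0.5 dst=195.201.249.16:80",
]

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algs in scan_tree(root):
        print(f"MATCH {path} ({', '.join(algs)})")
    for ln in scan_log(SAMPLE_LOG):
        print("NET   " + ln)
```

Run it against the directories a dropped installer typically lands in (the user's Downloads and %TEMP% folders, Program Files) and, after removal, run it again to confirm no file with these digests remains. A match on any single algorithm is enough to identify the sample; the four digests are listed so a hit can be confirmed with whichever hash your other tooling reports.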

Version Info:

InternalName: BORepair.exe
FileVersion: 3.2.1116.60
Comments: Framework 3.47 Setup
ProductName: Framework 3.47 Setup
ProductVersion: 3.2.1116.60
FileDescription: Framework 3.47 Setup
OriginalFilename: BORepair.exe
Translation: 0x0409 0x04b0

Trojan.Win32.Ekstak.iwza also known as:

K7AntiVirus: Trojan ( 0053fe731 )
Lionic: Trojan.Win32.Ekstak.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.InstallCube.3673
CAT-QuickHeal: Trojan.EkstakPMF.S3518523
ALYac: Gen:Variant.Application.Fugrafa.5
Cylance: Unsafe
Zillya: Trojan.Ekstak.Win32.9434
Alibaba: Trojan:Win32/Ekstak.a5cd8ee5
K7GW: Trojan ( 0053fe731 )
Cybereason: malicious.c63528
Cyren: W32/InstallCube.P.gen!Eldorado
Symantec: PUA.ICLoader
ESET-NOD32: a variant of Win32/Kryptik.GKQH
APEX: Malicious
Avast: Win32:ICLoader-X [Adw]
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Ekstak.iwza
BitDefender: Gen:Variant.Application.Fugrafa.5
NANO-Antivirus: Trojan.Win32.Ekstak.fhndjl
MicroWorld-eScan: Gen:Variant.Application.Fugrafa.5
Tencent: Malware.Win32.Gencirc.10ba4e81
Ad-Aware: Gen:Variant.Application.Fugrafa.5
Sophos: Mal/Generic-S
Comodo: Application.Win32.ICLoader.GS@84429a
BitDefenderTheta: Gen:NN.ZexaF.34294.xw0@aGeDAAhi
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vh
FireEye: Generic.mg.64a54b2c63528a3f
Emsisoft: Gen:Variant.Application.Fugrafa.5 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Ekstak.rko
Avira: TR/ICLoader.Gen8
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan/Generic.ASBOL.C526
Microsoft: Trojan:Win32/Ditertag.A
GData: Gen:Variant.Application.Fugrafa.5
TACHYON: Trojan/W32.Ekstak.2478080.E
Acronis: suspicious
McAfee: GenericRXHC-LA!64A54B2C6352
MAX: malware (ai score=99)
VBA32: BScope.Trojan.Fuerboos
Malwarebytes: Adware.ICLoader.Generic
Panda: Trj/Genetic.gen
Rising: Trojan.Kryptik!1.AA23 (CLASSIC)
Yandex: Trojan.GenAsa!4gpHPdVdVkM
Ikarus: Trojan.Win32.Krypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.GYQC!tr
AVG: Win32:ICLoader-X [Adw]
Paloalto: generic.ml

Most of these names converge on the ICLoader / InstallCube installer family, which some vendors rate as adware or a PUA and others as a Trojan; generic names such as Kryptik, Krypt and Generic indicate a packed or obfuscated binary rather than a separate family. The version resource above, which presents the file as "Framework 3.47 Setup" with the internal name BORepair.exe, is consistent with an installer masquerading as a framework setup.

How to remove Trojan.Win32.Ekstak.iwza?

Trojan.Win32.Ekstak.iwza removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”. This step matters here because the family is widely classified as an adware loader that changes browser settings.
  • Restart your computer.
  • After the restart, run a second scan and confirm that no file with the hashes listed above remains and that no further connections to the related domain appear in your logs.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
