What is “Trojan:Win32/Ekstak.ASDY!MTB”?

Trojan:Win32/Ekstak.ASDY!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Ekstak.ASDY!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the embedded win api malware family
  • Created a service that was not started
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan:Win32/Ekstak.ASDY!MTB?

File Info:

name: 690962806AE360FDC04B.mlw
path: /opt/CAPEv2/storage/binaries/af72d998606947486a87fd2c1dd93afa42154511ee5c4b220d3f1aa07426cd91
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2023-12-21 17:13:52

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: RButtonTRAY Setup
FileVersion:
LegalCopyright:
ProductName: RButtonTRAY
ProductVersion: 1.2.2.1
Translation: 0x0000 0x04b0

Trojan:Win32/Ekstak.ASDY!MTB also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Ekstak.4!c
DrWeb: Trojan.Siggen22.47135
MicroWorld-eScan: Trojan.GenericKD.70924194
FireEye: Trojan.GenericKD.70924194
CAT-QuickHeal: Trojan.Ekstak
Skyhigh: BehavesLike.Win32.ObfuscatedPoly.vc
ALYac: Trojan.GenericKD.70924194
Cylance: unsafe
Sangfor: Dropper.Win32.Ekstak.Vhck
K7AntiVirus: Trojan ( 005722fe1 )
K7GW: Trojan ( 005722fe1 )
Arcabit: Trojan.Generic.D43A37A2
VirIT: Trojan.Win32.Genus.USA
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: Trojan.Win32.Ekstak.asgsb
BitDefender: Trojan.GenericKD.70924194
NANO-Antivirus: Trojan.Win32.Ekstak.kggokt
Avast: Other:Malware-gen [Trj]
Emsisoft: Trojan.GenericKD.70924194 (B)
F-Secure: Trojan.TR/Drop.Agent.pqgul
VIPRE: Trojan.GenericKD.70924194
Sophos: Mal/Generic-S
Ikarus: Trojan.SuspectCRC
Jiangmin: Trojan.Ekstak.cils
Avira: TR/Drop.Agent.pqgul
MAX: malware (ai score=84)
Antiy-AVL: Trojan/Win32.Ekstak
Kingsoft: Win32.Troj.Generic.v
Microsoft: Trojan:Win32/Ekstak.ASDY!MTB
ZoneAlarm: Trojan.Win32.Ekstak.asgsb
GData: Trojan.GenericKD.70924194
AhnLab-V3: Trojan/Win.Malware-gen.R628634
McAfee: Artemis!690962806AE3
Malwarebytes: Trojan.Dropper
Panda: Trj/Genetic.gen
MaxSecure: Trojan.Malware.221714972.susgen
Fortinet: W32/Agent.SLC!tr
AVG: Other:Malware-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/Ekstak.ASDY!MTB?

Trojan:Win32/Ekstak.ASDY!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.