Trojan:Win32/Ekstak.ASEF!MTB removal guide

Trojan:Win32/Ekstak.ASEF!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Ekstak.ASEF!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the embedded win api malware family
  • Created a service that was not started
  • Uses suspicious command line tools or Windows utilities
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan:Win32/Ekstak.ASEF!MTB?

File Info:

name: 8B5DB429CE4BB2FEC65E.mlw
path: /opt/CAPEv2/storage/binaries/5a8050fe374d6278848cd7db77dbb3b49600dc35bac1e3c2761dd2f8dd91b8aa
crc32: C79CB413
md5: 8b5db429ce4bb2fec65e7c1acb1446bd
sha1: d0c24a366b5597c319efc1546e0112e8be6627f7
sha256: 5a8050fe374d6278848cd7db77dbb3b49600dc35bac1e3c2761dd2f8dd91b8aa
sha512: 792823f6f5c37d3f8a9e56a908111162722e0f94f92dee92102ad49fc61aa3e0154c8cc40451ce732417bb9fc27e2fd9f9fb90353e55a35039faa9a058e4b3cb
ssdeep: 98304:QTCEsCiZEaxu1wxRKRk7zf6ZzxpPyu3Nw8XsZpqLedu2Ai4dm8:41OleOHniZtdd1sZAi4dD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1912633490C98BDF4F021043A16A72D7ADFB374204BF551AABD9D4581FFA68624CB1B4F
sha3_384: d4c4a70f4e33872f4aa8ead7758a934f365324497d7e0aa12821938ebd056514d3db1e057dbfe06d1163a37fbe5988b5
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: VB Edit Control CRT Setup
FileVersion:
LegalCopyright:
ProductName: VB Edit Control CRT
ProductVersion: 0.1.0.1
Translation: 0x0000 0x04b0

Trojan:Win32/Ekstak.ASEF!MTB also known as:

Bkav: W32.Common.972B5D2E
Lionic: Trojan.Win32.Ekstak.4!c
MicroWorld-eScan: Trojan.GenericKD.71244937
FireEye: Trojan.GenericKD.71244937
Skyhigh: BehavesLike.Win32.ObfuscatedPoly.rc
McAfee: Artemis!8B5DB429CE4B
Cylance: unsafe
Sangfor: Dropper.Win32.Ekstak.Vql9
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanDropper:Win32/Ekstak.b9d2b244
K7GW: Trojan ( 005722fe1 )
K7AntiVirus: Trojan ( 005722fe1 )
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Ekstak.aurgg
BitDefender: Trojan.GenericKD.71244937
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Ekstak.Fajl
Emsisoft: Trojan.GenericKD.71244937 (B)
F-Secure: Trojan.TR/Drop.Agent.sbejd
DrWeb: Trojan.Siggen22.63195
VIPRE: Trojan.GenericKD.71244937
TrendMicro: Trojan.Win32.SOCKSSYSTEMZ.YXEAAZ
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Crypt
GData: Trojan.GenericKD.71244937
Jiangmin: Trojan.Ekstak.cimh
Avira: TR/Drop.Agent.sbejd
Arcabit: Trojan.Generic.D43F1C89
ZoneAlarm: Trojan.Win32.Ekstak.aurgg
Microsoft: Trojan:Win32/Ekstak.ASEF!MTB
Varist: W32/Agent.TWDG-6598
AhnLab-V3: Trojan/Win.Malware-gen.R630244
ALYac: Trojan.GenericKD.71244937
MAX: malware (ai score=80)
Malwarebytes: Generic.Malware/Suspicious
Panda: Trj/Chgt.AD
TrendMicro-HouseCall: Trojan.Win32.SOCKSSYSTEMZ.YXEAAZ
MaxSecure: Trojan.Malware.222391682.susgen
Fortinet: W32/Agent.SLC!tr
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/Ekstak.ASEF!MTB?

Trojan:Win32/Ekstak.ASEF!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
