What is "Trojan:Win32/Ekstak.CB!MTB"?

The Trojan:Win32/Ekstak.CB!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/Ekstak.CB!MTB virus can do?

Executable code extraction
Creates RWX memory
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Queries information on disks, possibly for anti-virtualization
Behavior consistent with a dropper attempting to download the next stage.
Detects the presence of Wine emulator via registry key
Checks the version of Bios, possibly for anti-virtualization
Attempts to modify proxy settings
Collects information to fingerprint the system

Related domains:

z.whorecord.xyz

a.tomx.xyz

static.17.249.201.195.clients.your-server.de

How to determine Trojan:Win32/Ekstak.CB!MTB?


File Info:
crc32: 58965DC3
md5: e575eea4f256d3876633591781764e72
name: E575EEA4F256D3876633591781764E72.mlw
sha1: f14b721f80747ae9644372bb2ad4a595ffa547ac
sha256: 5ed6626fb5ccd949276484c783fa9b5e8ce8dbc5cd01e9b79a319cbfb7b3f9c2
sha512: ced8745c9b2f22ab797efe11f39557594a4d21d604b3de876abb6a4a5f8573e7a8b2d1d5a93b7180c6cb439c5c166a1d94e5a69b075000bfbfb34095c6f6783f
ssdeep: 98304:10ccqeQgjWm3lVaxhUnMCeA2vcOJAtxp6rm3O:Hzd0WclVmhU1eA2nALorc
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: 2005-2018 MODJO. All rights reserved.
FileVersion: 10, 2, 0, 6526
CompanyName: MODJO
ProductName: MODJO Internet Security
ProductVersion: 10, 2, 0, 6526
FileDescription: MODJO Internet Security
Translation: 0x0409 0x04e4

Trojan:Win32/Ekstak.CB!MTB also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 0053e8521 )
Lionic	Trojan.Win32.Ekstak.4!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.SelfdelPMF.S4247483
ALYac	Gen:Variant.Zusy.307485
Cylance	Unsafe
Zillya	Trojan.Ekstak.Win32.15803
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_60% (D)
Alibaba	Trojan:Win32/Ekstak.587d0bef
K7GW	Trojan ( 0053e8521 )
Cybereason	malicious.4f256d
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.GMIQ
APEX	Malicious
Avast	Win32:ICLoader-X [Adw]
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Zusy.307485
NANO-Antivirus	Trojan.Win32.InstallCube.fjvtjl
MicroWorld-eScan	Gen:Variant.Zusy.307485
Tencent	Win32.Trojan.Ekstak.Ajuz
Ad-Aware	Gen:Variant.Zusy.307485
Sophos	Mal/Generic-S
Comodo	Application.Win32.ICLoader.GS@84429a
BitDefenderTheta	Gen:NN.ZexaF.34236.@t0@aiPll0di
McAfee-GW-Edition	BehavesLike.Win32.Generic.rc
FireEye	Generic.mg.e575eea4f256d387
Emsisoft	Gen:Variant.Zusy.307485 (B)
SentinelOne	Static AI – Malicious PE
Avira	TR/ICLoader.Gen8
eGambit	Unsafe.AI_Score_100%
Antiy-AVL	Trojan/Generic.ASMalwS.299576D
Microsoft	Trojan:Win32/Ekstak.CB!MTB
ZoneAlarm	HEUR:Packed.Win32.Katusha.gen
GData	Gen:Variant.Zusy.307485
AhnLab-V3	PUP/Win32.FileTour.R242805
Acronis	suspicious
McAfee	Packed-FME!E575EEA4F256
MAX	malware (ai score=89)
VBA32	BScope.Trojan.Ekstak
Malwarebytes	Adware.Agent
Panda	Trj/Genetic.gen
Rising	Trojan.Kryptik!1.AA23 (CLASSIC)
Yandex	Trojan.GenAsa!3sLpyh1IcJc
Ikarus	PUA.ICLoader
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/CoinMiner.GYQC!tr
AVG	Win32:ICLoader-X [Adw]
Paloalto	generic.ml

How to remove Trojan:Win32/Ekstak.CB!MTB?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “Trojan:Win32/Ekstak.CB!MTB”?