Trojan:Win32/Ekstak.GAF!MTB removal

Trojan:Win32/Ekstak.GAF!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Ekstak.GAF!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Trojan:Win32/Ekstak.GAF!MTB?

File Info:

name: 21EC83F498A9D39FD370.mlw
path: /opt/CAPEv2/storage/binaries/9c92893fbe31d5e24fbe100202965e42dc23f6dff9722def66d661c1ef2c2359
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2023-12-18 21:49:55

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: PRingTone Setup
FileVersion:
LegalCopyright:
ProductName: PRingTone
ProductVersion: 1.2.1.8
Translation: 0x0000 0x04b0

Trojan:Win32/Ekstak.GAF!MTB also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Ekstak.4!c
MicroWorld-eScan: Trojan.Generic.34690554
FireEye: Trojan.Generic.34690554
Skyhigh: BehavesLike.Win32.BadFile.rc
ALYac: Trojan.Generic.34690554
Cylance: unsafe
Sangfor: Trojan.Win32.Agent.Vot6
Arcabit: Trojan.Generic.D21155FA
APEX: Malicious
Cynet: Malicious (score: 100)
BitDefender: Trojan.Generic.34690554
Avast: Win32:Malware-gen
Sophos: Mal/Generic-S
Zillya: Trojan.Ekstak.Win32.75742
Emsisoft: Trojan.Generic.34690554 (B)
Ikarus: Trojan.Win32.Ekstak
Google: Detected
Microsoft: Trojan:Win32/Ekstak.GAF!MTB
GData: Trojan.Generic.34690554
Varist: W32/Agent.YLUO-6236
McAfee: Artemis!21EC83F498A9
MAX: malware (ai score=84)
Malwarebytes: Malware.AI.4010000700
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R002H01LO23
Fortinet: W32/PossibleThreat
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/Ekstak.GAF!MTB?

Trojan:Win32/Ekstak.GAF!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.