What is “Trojan:Win32/Ekstak.GPB!MTB”?

Trojan:Win32/Ekstak.GPB!MTB is the Microsoft detection name for the sample analysed below; nearly every other engine in the alias list flags it as malicious as well. While the infection is active you may notice unfamiliar processes in Task Manager. If that is the case, it is advised to scan the computer with GridinSoft Anti-Malware.

Removing malware by hand can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial period allows a full scan and cleanup of the PC.
6-day free trial available.

What can Trojan:Win32/Ekstak.GPB!MTB do?

The following behaviours were recorded when the sample was detonated in the CAPE sandbox:

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the embedded win api malware family
  • Created a service that was not started
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan:Win32/Ekstak.GPB!MTB?

Compare a suspicious file against the hashes and metadata below, which are taken from the CAPE analysis of this sample. The version resource shows the file is an Inno Setup installer presenting itself as “CRTNetScheme Setup”.

File Info:

name: E350A7FA24E46DE4EE8F.mlw
path: /opt/CAPEv2/storage/binaries/00d48ab8de3c3638b3d1148221fc63f5bcbefa212aab305558236a21d95a6c3d
crc32: 91F09E7E
md5: e350a7fa24e46de4ee8f97503d790a25
sha1: 512c9180fd1c2b6574424437eea6ae5c4480c799
sha256: 00d48ab8de3c3638b3d1148221fc63f5bcbefa212aab305558236a21d95a6c3d
sha512: f6f54e620cf77da00f43dfc2d25486fd1faf3c2ca5829fde8569ac37bb88f1379344f70a250d44c889fa799de3b1ac620ce4047cb4b569bffd0c91bf49421a6b
ssdeep: 98304:zb3/2drx3SIyNCAdPZ+tKnLjxMKg/Qy+WbZUxNLunDH3ziGT2cmA:Odd3SICbNZvL9vOuTPKnrziNcF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1176633E34AF5EB34E121D539CC3BF25DA6318A1E68690845B4ED8F45BC27B41C34BA1B
sha3_384: dbfe1c74d6cd6ee0f1605941feb50ad22b6889a487bb7325094b6a9d0016697b86f15079865f57d651d4c618c3d542a5
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 2023-12-19 12:41:27

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: CRTNetScheme Setup
FileVersion:
LegalCopyright:
ProductName: CRTNetScheme
ProductVersion: 1.2.1.9
Translation: 0x0000 0x04b0
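The script below is an added example; it is not code from this page, from GridinSoft or from CAPE. It checks a file against the indicators above: it recomputes the crc32/md5/sha1/sha256/sha512 digests, parses the PE32 headers to read the 16 bytes at the entry point and compare them with the ep_bytes value (a 55 8B EC 83 C4 C4 … prologue is typical of Delphi-compiled code, which is what an Inno Setup stub is), and measures the overlay, the data appended after the last section, which is where CAPE's “Sample contains Overlay data” flag comes from and where an Inno Setup installer stores its compressed payload. build_demo_pe builds a constructed minimal PE32 so the parser can be exercised offline; it is scaffolding for the demo and not the Ekstak sample, so only the entry-byte indicator matches on it.

```python
import hashlib
import struct
import sys
import zlib

# Indicators copied from the File Info block on this page.
EKSTAK_IOCS = {
    "crc32": "91f09e7e",
    "md5": "e350a7fa24e46de4ee8f97503d790a25",
    "sha1": "512c9180fd1c2b6574424437eea6ae5c4480c799",
    "sha256": "00d48ab8de3c3638b3d1148221fc63f5bcbefa212aab305558236a21d95a6c3d",
    "ep_bytes": "558bec83c4c453565733c08945f08945",
}


def compute_hashes(data: bytes) -> dict:
    """Recompute the digests the CAPE report lists, as lowercase hex strings."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def parse_pe32(data: bytes):
    """Return (entry_rva, sections) for a PE32 file; each section is
    (virtual_address, virtual_size, raw_pointer, raw_size).
    Raises ValueError (or struct.error on truncated input) if this is not PE32."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                            # IMAGE_OPTIONAL_HEADER32
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 (32-bit) image")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections, sec = [], opt + size_opt         # IMAGE_SECTION_HEADER array
    for _ in range(num_sections):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sec + 8)
        sections.append((vaddr, vsize, rawptr, rawsize))
        sec += 40
    return entry_rva, sections


def pe_entry_bytes(data: bytes, count: int = 16) -> bytes:
    """Map AddressOfEntryPoint to a file offset and return the first `count` bytes there."""
    entry_rva, sections = parse_pe32(data)
    for vaddr, vsize, rawptr, rawsize in sections:
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)
            return data[off:off + count]
    raise ValueError("entry point lies outside every section")


def overlay_size(data: bytes) -> int:
    """Bytes appended after the last section's raw data (the overlay)."""
    _, sections = parse_pe32(data)
    end = max((rawptr + rawsize for _, _, rawptr, rawsize in sections), default=0)
    return max(len(data) - end, 0)


def match_iocs(data: bytes, iocs: dict = EKSTAK_IOCS) -> dict:
    """Compare a file against the indicators; returns {indicator: matched}."""
    observed = compute_hashes(data)
    try:
        observed["ep_bytes"] = pe_entry_bytes(data).hex()
    except (ValueError, struct.error):
        observed["ep_bytes"] = None            # not a parseable PE32
    return {name: observed.get(name) == value.lower() for name, value in iocs.items()}


def build_demo_pe(entry_code: bytes) -> bytes:
    """Construct a minimal one-section PE32 whose entry point starts with
    `entry_code`. Demo scaffolding only: this is NOT the Ekstak sample."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                   # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                 # ImageBase
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200,
                          0x200, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section
    headers += b"\0" * (0x200 - len(headers))                # pad to PointerToRawData
    body = entry_code + b"\xC3" * (0x200 - len(entry_code))  # fill section with RET
    return headers + body


if __name__ == "__main__":
    sample = open(sys.argv[1], "rb").read()
    for name, hit in match_iocs(sample).items():
        print(f"{name:8} {'MATCH' if hit else '-'}")
    print("overlay bytes:", overlay_size(sample))
```

Run it as `python ekstak_check.py suspicious.exe`. A full digest match identifies this exact sample; an ep_bytes match on its own only says the file is a Delphi/Inno Setup style executable and is far too weak to act on, which is why the script reports each indicator separately rather than a single verdict.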

Trojan:Win32/Ekstak.GPB!MTB also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Generic.34533052
FireEye: Trojan.Generic.34533052
Skyhigh: BehavesLike.Win32.ObfuscatedPoly.vc
McAfee: Artemis!E350A7FA24E4
Cylance: unsafe
Zillya: Trojan.Ekstak.Win32.75854
K7AntiVirus: Trojan ( 005722f11 )
K7GW: Trojan ( 005722f11 )
CrowdStrike: win/malicious_confidence_100% (W)
Arcabit: Trojan.Generic.D20EEEBC
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Ekstak.arniz
BitDefender: Trojan.Generic.34533052
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Ekstak.Kzfl
Emsisoft: Trojan.Generic.34533052 (B)
F-Secure: Heuristic.HEUR/AGEN.1332570
DrWeb: Trojan.Siggen22.43500
VIPRE: Trojan.Generic.34533052
TrendMicro: TROJ_GEN.R023C0XLR23
Ikarus: Trojan-Dropper.Win32.Agent
Jiangmin: Trojan.Ekstak.cils
Avira: HEUR/AGEN.1332570
Kingsoft: Win32.Trojan.Ekstak.arniz
Microsoft: Trojan:Win32/Ekstak.GPB!MTB
ZoneAlarm: Trojan.Win32.Ekstak.arniz
GData: Trojan.Generic.34533052
Varist: W32/Agent.ABAM-3129
AhnLab-V3: Malware/Win.Malware-gen.R628409
ALYac: Trojan.Generic.34533052
MAX: malware (ai score=86)
Malwarebytes: Generic.Malware/Suspicious
TrendMicro-HouseCall: TROJ_GEN.R023C0XLR23
MaxSecure: Trojan.Malware.221647679.susgen
Fortinet: W32/Agent.SLC!tr
AVG: Win32:Malware-gen

How to remove Trojan:Win32/Ekstak.GPB!MTB?

Trojan:Win32/Ekstak.GPB!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

Because this sample is an installer that drops and executes a second binary and creates a service (see the behaviour list above), quarantining the downloaded setup file alone is not enough: make sure the scan also covers the dropped binary and remove any service it registered.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.