Trojan:Win32/Ekstak!MTB malicious file

Trojan:Win32/Ekstak!MTB is considered dangerous by many security experts. While this infection is active, you may notice unfamiliar processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can Trojan:Win32/Ekstak!MTB do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the embedded win api malware family
  • Attempts to modify proxy settings
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan:Win32/Ekstak!MTB?

File Info:

name: 698975E81EBBDBC420C6.mlw
path: /opt/CAPEv2/storage/binaries/9cf1b25744218dda8a3420564d935191d9316c2f4c596f6d1d62bbf75a7b003c
crc32: 5CD6233E
md5: 698975e81ebbdbc420c650db457bb0f0
sha1: 494581513a7e78bcea910d342511f9ea69b585f0
sha256: 9cf1b25744218dda8a3420564d935191d9316c2f4c596f6d1d62bbf75a7b003c
sha512: d5a30f59d000eb37e68d8df26cff9424edad1a5a4d920f82534fff4cf57930012a76118fe6906e23856f93c49b73724c89abb5f1f0d7de0a2e3faf6668ebe68e
ssdeep: 49152:Z2xVTJ/FMEiTgEY51cdoie9LexjjrUcJi7FcjlPNFmjq9EBAP:MrZ2k1cyJajQ17FcPAqPP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16EC53347D6E6D1B2F05049344C04DD358EF43DA099BEDC6A1AEC9B4E6E33B3B9680798
sha3_384: 45eebd7dd02f55fb88384bb29b7a586e777c99b5c22fb0c7160b4b7bc79bedfa05dd361908df6857272b363f62f74b36
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: ncafrog.com
FileDescription: FHZsoftFR FRec220 Setup
FileVersion:
LegalCopyright:
Translation: 0x0409 0x04e4

Trojan:Win32/Ekstak!MTB also known as:

  • Bkav: W32.Common.061FD6BD
  • Lionic: Trojan.Win32.GCleaner.a!c
  • MicroWorld-eScan: Gen:Variant.Cerbu.164309
  • FireEye: Gen:Variant.Cerbu.164309
  • Skyhigh: BehavesLike.Win32.ObfuscatedPoly.vc
  • McAfee: Trojan-FUWW!698975E81EBB
  • Cylance: unsafe
  • Sangfor: Downloader.Win32.Gcleaner.Vaz4
  • K7AntiVirus: Riskware ( 0040eff71 )
  • Alibaba: TrojanDownloader:Win32/GCleaner.6f28351d
  • K7GW: Riskware ( 0040eff71 )
  • Cybereason: malicious.81ebbd
  • Symantec: Trojan.Gen.MBT
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
  • APEX: Malicious
  • TrendMicro-HouseCall: TROJ_GEN.R03FC0DC324
  • Kaspersky: UDS:Trojan-Downloader.Win32.GCleaner.dtx
  • BitDefender: Gen:Variant.Cerbu.164309
  • Avast: Win32:Trojan-gen
  • Tencent: Win32.Trojan-Downloader.Gcleaner.Rnkl
  • Emsisoft: Gen:Variant.Cerbu.164309 (B)
  • F-Secure: Heuristic.HEUR/AGEN.1333117
  • DrWeb: Trojan.Siggen19.57563
  • VIPRE: Gen:Variant.Cerbu.164309
  • TrendMicro: TROJ_GEN.R03FC0DC324
  • Sophos: Mal/Generic-S
  • Jiangmin: TrojanDownloader.GCleaner.oq
  • Avira: HEUR/AGEN.1333117
  • Varist: W32/Ekstak.FI.gen!Eldorado
  • Antiy-AVL: Trojan/Win32.Agent
  • Kingsoft: malware.kb.a.959
  • Microsoft: Trojan:Win32/Ekstak!MTB
  • Arcabit: Trojan.Cerbu.D281D5
  • ZoneAlarm: UDS:Trojan-Downloader.Win32.GCleaner.dtx
  • GData: Gen:Variant.Cerbu.164309
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Downloader/Win.BeamWinHTTP.C5385540
  • ALYac: Gen:Variant.Cerbu.164309
  • MAX: malware (ai score=87)
  • Malwarebytes: Agent.Trojan.Dropper.DDS
  • Panda: Trj/CI.A
  • Yandex: Trojan.DR.Agent!nWm3MLNKuz8
  • Ikarus: Trojan.Win32.Crypt
  • MaxSecure: Trojan.Malware.201181947.susgen
  • Fortinet: W32/Agent.SLC!tr
  • AVG: Win32:Trojan-gen
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Ekstak!MTB?

Trojan:Win32/Ekstak!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.