Trojan:Win32/Ekstak!pz (file analysis)

Trojan:Win32/Ekstak!pz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Ekstak!pz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Transacted Hollowing
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan:Win32/Ekstak!pz?

File Info:

name: 29F4D52902406F0AC61E.mlw
path: /opt/CAPEv2/storage/binaries/628f78adf3e18616322936b02e1c071fc6b8b5441181b43da2bc0614d9f92bfe
crc32: 5C8B0E9D
md5: 29f4d52902406f0ac61e5e97b30f2e46
sha1: 008f98a1be3ad4d319a9ef0f334a89fc2f8a1440
sha256: 628f78adf3e18616322936b02e1c071fc6b8b5441181b43da2bc0614d9f92bfe
sha512: e07bad4274bba69dd67bf9fcace10926fa9c37cad2194c3b1cbaea9fb7c2c2800cfb3e295eb5b014f56c8fc3add7d73aa24bae1c89ac8973485dc5eceee4f842
ssdeep: 98304:+qw+SRARb7vYX+Ce2+O3xql6DJhv2xLQc+hIdgMBOsZs02p/Q6zZ8aar3T3d:np7BO3xq2iLL+eggOsf2WSlY7d
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T113663393761C58BFDD30FC730B6190678A8BA1FB5C395568A75E8C487F07A518838F22
sha3_384: be82f9113fa9e15e3a00bebbf529b986316255dbfbb3a4e061e209bac84bd5a6404f2a8adf4378b63f33fc615169f304
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 2023-11-20 18:11:24

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: IPyramid team
FileDescription: IPyramid Setup
FileVersion:
LegalCopyright:
ProductName: IPyramid
ProductVersion:
Translation: 0x0000 0x04b0

Trojan:Win32/Ekstak!pz is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Ekstak.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Cerbu.194604
FireEye: Gen:Variant.Cerbu.194604
Skyhigh: BehavesLike.Win32.ObfuscatedPoly.vc
ALYac: Gen:Variant.Cerbu.194604
Cylance: unsafe
Zillya: Trojan.Ekstak.Win32.74901
K7AntiVirus: Trojan ( 005722fe1 )
Alibaba: TrojanDropper:Win32/Ekstak.86a75405
K7GW: Trojan ( 005722fe1 )
CrowdStrike: win/malicious_confidence_70% (D)
Arcabit: Trojan.Cerbu.D2F82C
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Ekstak.apumt
BitDefender: Gen:Variant.Cerbu.194604
NANO-Antivirus: Trojan.Win32.Ekstak.kerckn
Avast: Other:Malware-gen [Trj]
Tencent: Win32.Trojan.Ekstak.Ogil
Ad-Aware: Gen:Variant.Cerbu.194604
Emsisoft: Gen:Variant.Cerbu.194604 (B)
F-Secure: Trojan.TR/Drop.Agent.jrtmx
DrWeb: Trojan.Siggen22.13926
VIPRE: Gen:Variant.Cerbu.194604
TrendMicro: TROJ_GEN.R002C0XKQ23
Sophos: Mal/Generic-S
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan.Ekstak.cihn
Avira: TR/Drop.Agent.jrtmx
Microsoft: Trojan:Win32/Ekstak!pz
ZoneAlarm: Trojan.Win32.Ekstak.apumt
GData: Gen:Variant.Cerbu.194604
AhnLab-V3: Trojan/Win.DownloadAssistant.R622897
McAfee: Artemis!29F4D5290240
MAX: malware (ai score=89)
Malwarebytes: Adware.DownloadAssistant
TrendMicro-HouseCall: TROJ_GEN.R002C0XKQ23
Ikarus: Trojan.Win32.Agent
MaxSecure: Trojan.Malware.220672963.susgen
Fortinet: W32/Agent.SLC!tr
AVG: Other:Malware-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/Ekstak!pz?

Trojan:Win32/Ekstak!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.