UDS:Trojan.Win32.Ekstak.amrpi removal guide

UDS:Trojan.Win32.Ekstak.amrpi is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the UDS:Trojan.Win32.Ekstak.amrpi virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Deletes executed files from disk

How to identify UDS:Trojan.Win32.Ekstak.amrpi?

File Info:

name: 6E9DEBD579E16AF752E3.mlw
path: /opt/CAPEv2/storage/binaries/3db360cd093bce2e151e34c788f3076bf1b1593a2358aebdeb6071af28399172
crc32: 2C40DE56
md5: 6e9debd579e16af752e3d23146727290
sha1: d5cfd5a358be2be7db0142fc6313afcf0213c682
sha256: 3db360cd093bce2e151e34c788f3076bf1b1593a2358aebdeb6071af28399172
sha512: 6e97640a3bbff21e1af8c9de1dc6ca5f925662bce9ed60cc86cc7a88789279f4bea78b4e7c299071313d279935cd6d9af1c598fb7d76e30161be343a1d58674c
ssdeep: 98304:IiAaR6LiWYT28TK9dNFjwum/zI6zksx8Y+Olf0dizUOEcGMTpux/Tz4cAo5N:RfEL19cWm/U6zkPPOJ9Gkp2YcN5N
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12A4633FA6AC3995FC5B0853AC72262AD5513ADE13A104BE9237D5D3F696F30C088F352
sha3_384: 0210a9915169d14960acd7974038898168346085182207b99c10db5774962d5a8a1fd4729953b844021b9c6941515b31
ep_bytes: 558bec83c4d453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName:
FileDescription: File cloner
FileVersion: 0.0.0.0
InternalName:
OriginalFilename:
ProductName:
ProductVersion:
Translation: 0x0409 0x04e4

UDS:Trojan.Win32.Ekstak.amrpi is also known as (vendor: detection name):

  • Lionic: Trojan.Win32.Ekstak.4!c
  • Elastic: malicious (moderate confidence)
  • McAfee: Artemis!6E9DEBD579E1
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Agent.V1b1
  • K7AntiVirus: Trojan ( 005722f11 )
  • K7GW: Trojan ( 005722f11 )
  • Symantec: Trojan.Gen.2
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
  • Paloalto: generic.ml
  • Kaspersky: UDS:Trojan.Win32.Ekstak.amrpi
  • Avast: FileRepMalware [Adw]
  • Sophos: Mal/Generic-S
  • McAfee-GW-Edition: Artemis!Trojan
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • GData: Win32.Backdoor.Bodelph.TN2V04
  • Malwarebytes: Adware.DownloadAssistant
  • AVG: FileRepMalware [Adw]

How to remove UDS:Trojan.Win32.Ekstak.amrpi?

UDS:Trojan.Win32.Ekstak.amrpi removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.