UDS:Trojan.Win32.Ekstak.amuqu (file analysis)

The UDS:Trojan.Win32.Ekstak.amuqu is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What can the UDS:Trojan.Win32.Ekstak.amuqu virus do?

  • Behavioural detection: executable code extraction (unpacking)
  • Sample contains overlay data
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Deletes executed files from disk

How to identify UDS:Trojan.Win32.Ekstak.amuqu?

File Info:

name: 7725C1C733C929EF9BD0.mlw
path: /opt/CAPEv2/storage/binaries/e296f5d13a4a3c86767d5f9c2559b2e79d400b9e45b17b5076890b2070a8510d
crc32: 8B76082F
md5: 7725c1c733c929ef9bd0b6cbe33bcef5
sha1: 411296169c1f906556e3fbbb50e14f43d7a0b336
sha256: e296f5d13a4a3c86767d5f9c2559b2e79d400b9e45b17b5076890b2070a8510d
sha512: 5bb2e5610733eb714d92d989adcba7b10bc8d80e58727009f305e9076bd1431a3728314c4c0c3971ea400fc8692ef081b34672a137770488e8ea1965d642e10c
ssdeep: 196608:wGggv2JNceNhJVTuPKPwkKoEqbAlqLVDCLQx+9fKZJ+Qk3+UNdWtnp:wGMhfuyPwkKmbAlqRuLxfKZJ+lOUqtp
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B4A6338794D80336DE66DCB2AA3268D60436BD1D887273C93F887207D97B9B34837567
sha3_384: 6269c4a863486fb7d491f8336c52226ba1123fa6677972ce507585b935513f2a519957264b27195f6c3220380adef477
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 2020-09-04 02:13:27

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Tone Software
FileDescription: MP3 Splitter Setup
FileVersion:
LegalCopyright:
ProductName: MP3 Splitter
ProductVersion: 8.26.0.6
Translation: 0x0000 0x04b0

UDS:Trojan.Win32.Ekstak.amuqu also known as:

DrWeb: Trojan.DownLoader34.37915
K7AntiVirus: Trojan ( 0058de6b1 )
K7GW: Trojan ( 0058de6b1 )
VirIT: Trojan.Win32.Dnldr34.CECH
Cyren: W32/Zurgop.E.gen!Eldorado
Symantec: Trojan.Gen.MBT
Elastic: malicious (high confidence)
ESET-NOD32: multiple detections
Kaspersky: UDS:Trojan.Win32.Ekstak.amuqu
Avast: Win32:AdwareX-gen [Adw]
Emsisoft: Adware.Downloader (A)
McAfee-GW-Edition: BehavesLike.Win32.AdwareFileTour.tc
Trapmine: suspicious.low.ml.score
Sophos: Mal/Generic-R + Troj/Agent-BFJN
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan.Ekstak.bjrp
Google: Detected
Avira: HEUR/AGEN.1219016
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: PUP/Win32.DownloadAssistant.R350741
Malwarebytes: Adware.DownloadAssistant
APEX: Malicious
Yandex: Trojan.DL.Zurgop!g859OwEhnhU
Ikarus: Trojan.Win32.Krazy
Fortinet: W32/Zurgop.DJ!tr.dldr
AVG: Win32:AdwareX-gen [Adw]
CrowdStrike: win/malicious_confidence_70% (W)

How to remove UDS:Trojan.Win32.Ekstak.amuqu?

UDS:Trojan.Win32.Ekstak.amuqu removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
