
WebToolbar.Win32.Estapa.vt information


WebToolbar.Win32.Estapa.vt is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the WebToolbar.Win32.Estapa.vt virus do?

  • Sample contains overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Spanish (Mexican)
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify WebToolbar.Win32.Estapa.vt?

File Info:

name: 765CBD6AF56399FB9C56.mlw
path: /opt/CAPEv2/storage/binaries/67d4bfddc92c2f585259a4f8e176603c631c43c9e914a1c7125c83b42a84e402
crc32: FDCDB9B5
md5: 765cbd6af56399fb9c5605a804ba6888
sha1: e3161d77908179a7259a828155f9e08130e12657
sha256: 67d4bfddc92c2f585259a4f8e176603c631c43c9e914a1c7125c83b42a84e402
sha512: d0a458b213cb56ac95f4bedb3aac2c229573396707c5e321b715fc26ae364b91b14c0ad1caad2f8c110e99279c2737a13adabe8f6679d671f6b9d88c3ede5892
ssdeep: 49152:RUHMxqAHeFBbzWv1ciXoc7PnbPyBMSMpCjpitSuNJCoULGn:R4gHeBKTqGn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F285496594754423F09024F4D25D8EBB791327B23F604C327BCC6F4158BA7EA4A2A7AF
sha3_384: d6338e4890d7649c25537adafeb731e5b0190cbc83e462f768ad0a33a7e9fe644bc018bc1f1b9265ac72350423a15d54
ep_bytes: 558bec6aff68a0d94a006810804a0064
timestamp: 2015-04-20 14:33:12

Version Info:

Comments:
CompanyName: Satinfo SL.
FileDescription: Utilidad
FileVersion: 2, 14, 4, 14
InternalName: Elis
LegalCopyright: Copyright (C) 2015
LegalTrademarks:
OriginalFilename: Elis.EXE
PrivateBuild:
ProductName: Aplicación Elis
ProductVersion: 2, 14, 4, 14
SpecialBuild:
Translation: 0x0c0a 0x04b0

WebToolbar.Win32.Estapa.vt also known as:

  • Elastic: malicious (high confidence)
  • FireEye: Generic.mg.765cbd6af56399fb
  • Cylance: Unsafe
  • Sangfor: [ARMADILLO V1.71]
  • K7AntiVirus: Trojan ( 004bcce41 )
  • K7GW: Trojan ( 004bcce41 )
  • Symantec: ML.Attribute.HighConfidence
  • tehtris: Generic.Malware
  • ClamAV: Win.Trojan.Mikey-9958102-0
  • Kaspersky: not-a-virus:WebToolbar.Win32.Estapa.vt
  • APEX: Malicious
  • Comodo: TrojWare.Win32.TrojanDownloader.IstBar.~L@f815z
  • DrWeb: Trojan.Siggen6.35999
  • Trapmine: malicious.high.ml.score
  • Sophos: Generic ML PUA (PUA)
  • Ikarus: Trojan-Downloader.Win32.IstBar
  • Jiangmin: Trojan.Script.autq
  • Avira: TR/Crypt.XPACK.Gen
  • Antiy-AVL: Trojan/Generic.ASMalwS.3C17
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • Cynet: Malicious (score: 100)
  • McAfee: GenericRXAA-FA!765CBD6AF563
  • VBA32: BScope.Trojan.DiskWriter
  • Malwarebytes: Malware.AI.4109240974
  • Avast: Win32:Malware-gen
  • Rising: Trojan.Agent!1.6853 (CLASSIC)
  • Yandex: Trojan.GenAsa!F4O8qdW+2fg
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.121218.susgen
  • AVG: Win32:Malware-gen
  • Cybereason: malicious.790817

How to remove WebToolbar.Win32.Estapa.vt?

WebToolbar.Win32.Estapa.vt removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
