Win32/Injector.EKAG (file analysis)

Win32/Injector.EKAG is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Injector.EKAG virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Drops a binary and executes it
  • Executed a process and injected code into it, probably while unpacking
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to identify Win32/Injector.EKAG?

File Info:

crc32: DC731590
md5: 830710af93fc0c001f4e1f97fafc8586
name: 2050-11.jpg
sha1: 5fb61c554cdcff001d44121665cc15600ae85408
sha256: cb30f65be7c683c61cb3b653d07ab38bf7baef894bdceb4832c4b11a6a269caa
sha512: dae5dc7d10ba5cd1f7e9077f5edf4e44606fbe96566d4bdd168f19489c8914a98071d0769162bbef918d4b443bba00652ad77114887d26f50e1194b49f0bd06d
ssdeep: 12288:KTqWJyjhoH25QQwpfwqrYWtQ3derFJdz0pEbifQPlvw+Sm1g:KWQyyH2SPwqZ8dyGYlfSmG
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Win32/Injector.EKAG also known as:

DrWeb: Trojan.PWS.Stealer.23680
FireEye: Generic.mg.830710af93fc0c00
McAfee: Artemis!830710AF93FC
Cylance: Unsafe
AegisLab: Trojan.Multi.Generic.4!c
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.54cdcf
TrendMicro: TSPY_HPLOKI.SMBD
BitDefenderTheta: Gen:NN.ZelphiF.34082.ZGW@aeL@fUbi
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Kaspersky: UDS:DangerousObject.Multi.Generic
Rising: Trojan.Injector!1.AFE3 (CLOUD)
Endgame: malicious (high confidence)
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Fareit.ch
Trapmine: malicious.high.ml.score
Cyren: W32/Kryptik.CZNI-2487
Microsoft: Trojan:Win32/Wacatac.D!ml
ZoneAlarm: UDS:DangerousObject.Multi.Generic
AhnLab-V3: Win-Trojan/Delphiless.Exp
Acronis: suspicious
ESET-NOD32: a variant of Win32/Injector.EKAG
TrendMicro-HouseCall: TSPY_HPLOKI.SMBD
SentinelOne: DFI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Agent.AJFK!tr
AVG: FileRepMalware
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Injector.EKAG?

Win32/Injector.EKAG removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.