Trojan.Ekstak.CA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 10,568
Threat Level: 90 % (High)
Infected Computers: 518
First Seen: July 24, 2009
Last Seen: February 2, 2026
OS(es) Affected: Windows

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor Detection
TrendMicro WORM_UTOTI.RC
Symantec W32.SillyDC
Sunbelt Worm.Win32.Autoit.P
Prevx1 Malicious Software
Panda W32/Autorun.SF
NOD32 Win32/Autoit.BA
McAfee Generic.dx
Ikarus Worm.Win32.AutoIt
GData Win32.Worm.Autoit.P
Fortinet W32/Autorun.H!worm
eTrust-Vet Win32/Vishawon.A
eSafe Suspicious File
Comodo Worm.Win32.AutoIt.i
ClamAV Trojan.Autoit-14
CAT-QuickHeal Worm.Autoit.i

File System Details

Trojan.Ekstak.CA may create the following file(s):
# File Name MD5 Detections
1. Msmsgs.exe 7eae3ace4efaf2ce46234688451712d3 0

Analysis Report

General information

Family Name: Trojan.Ekstak.CA
Signature status: No Signature

Known Samples

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • Cheeth Mobile Inc.
  • CW Software
  • eSIM Client
  • GPyramid
  • LSoft Technologies Inc
File Description
  • Active@ Uneraser
  • Crash Report Delivery Module
  • CWave Calculation
  • Disk Write Copy управляющая программа
  • eSIM Client
  • ExtractNow
  • TUGZip archiver
File Version
  • 2017,10,23,80
  • 16.0.2.0
  • 7.2.7.0
  • 4,8,3,0
  • 3.5.5.30
  • 2.4.9.1
  • 1.5.0.3570
  • 1.4.0.3
  • 1.0.11.20
  • 1.0.0.1
  • 0.1.1.4
Internal Name
  • CrashSender
  • CWave Calculation
  • DiskWriteCopy.exe
  • extractnow
  • TVGZip530
  • Uneraser
Legal Copyright
  • Copyright (C) 1998-2020 LSoft Technologies
  • Copyright(c) 2011-2017 Cheeth Mobile Inc.
  • Copyright 2003-2013 The CrashRpt Project Authors
Original Filename
  • CrashSender.exe
  • CWave Calculation
  • DiskWriteCopy_Exe.exe
  • eSIM Client.exe
  • extractnow.exe
  • GPyramid.exe
  • TUGZip.exe
  • Uneraser.exe
Product Name
  • Clean Master For PC
  • CrashRpt
  • CWave Calculation
  • eSIM Client
  • ExtractNow
  • GPyramid
  • TVGZip530
  • Uneraser Application
Product Version
  • 16.0.2.0
  • 9,3,322965,80
  • 7.2.7.0
  • 4,8,3,0
  • 3.5.5.30
  • 2.4.9.1
  • 1.5.0.3570
  • 1.4.0.3
  • 1.0.11.20
  • 1.0.0.1
  • 0.1.1.4

File Traits

  • 2+ executable sections
  • HighEntropy
  • imgui
  • No Version Info
  • VirtualQueryEx
  • x86

Files Modified

File Attributes
c:\users\user\appdata\local\temp\is-p65m0.tmp\teamviewer serial key.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_5203453 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\crack.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\crack.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx1 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx1\__tmp_rar_sfx_access_check_5204921 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx1\teamviewer 15 crack.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx1\teamviewer 15 crack.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx1\teamviewer serial key.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx1\teamviewer serial key.exe Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Keyboard Access
  • GetKeyState
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx

Shell Command Execution

(NULL) C:\Users\Qwtlwgbf\AppData\Local\Temp\RarSFX0\Crack.exe
(NULL) C:\Users\Qwtlwgbf\AppData\Local\Temp\RarSFX1\TeamViewer 15 Crack.exe
(NULL) C:\Users\Qwtlwgbf\AppData\Local\Temp\RarSFX1\TeamViewer Serial Key.exe
"C:\Users\Qwtlwgbf\AppData\Local\Temp\is-P65M0.tmp\TeamViewer Serial Key.tmp" /SL5="$5034A,7223725,58368,C:\Users\Qwtlwgbf\AppData\Local\Temp\RarSFX1\TeamViewer Serial Key.exe"
