K7 Detection Name:      Trojan ( 005b803a1 )
Affected OS:            Windows
Prevalence:             Low
AV Definition Version:  12.181.52879

MD5:                0ec1f7cc17b6402cd2df150e0e5e92ca
SHA256:             4c5ca5701285337a96298ebf994f8ba013d290c63afa65b5c2b05771fbbb9ed4
File Size:          327,168 bytes
Packer Information: N/A
First Seen:         09-08-2024
Last Seen:          14-10-2024
Aliases:            Win32/Agent.AGPC

Behavior Details

1. Dropped files:
     Cerker.exe
  Under the folder
       C:\Windows\sysnative\Tasks

2. Dropped files:
     Report.wer.tmp
     Report.wer
  Under the folder
       C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_e317d1ce19fa961dfda531fc4a2c595260922c_cab_052972aa

3. Dropped files:
     Endpoint
  Under the folder
       \Device\Afd

4. Dropped files:
     RasAcd
  Under the folder
       \Device

5. Dropped files:
     ValidationTask
     ValidationTaskDeadline
  Under the folder
       C:\Windows\sysnative\Tasks\Microsoft\Windows\Windows Activation Technologies

6. Creates Registry:

  Adds registry data
       C:\Users\<user_name>\AppData\Local\Temp\349587345342
  Under the key:
       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\USER SHELL FOLDERS\Startup

  Adds registry data
       C:\Users\<user_name>\AppData\Local\Temp\349587345342\Cerker.exe
  Under the key:
       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RUNONCE\Cerker.exe

Removal Instructions

1. Update your copy of K7 Security to the latest version.
2. Scan the system completely and remove the detected files.
3. Open the Windows Registry Editor.
4. Delete the registry data
       C:\Users\<user_name>\AppData\Local\Temp\349587345342
   Under the key:
       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\USER SHELL FOLDERS\Startup

5. Delete the registry data
       C:\Users\<user_name>\AppData\Local\Temp\349587345342\Cerker.exe
   Under the key:
       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RUNONCE\Cerker.exe

6. Close the Windows Registry Editor.
7. Restart the machine.