K7 Detection Name

Trojan-Downloader ( 0059c6a11 )

Affected OS

Windows

Prevalence

Low

AV Definition Version

12.176.52603
MD5

be5f9dcc10b09266fab224f8274614f5

SHA256

d5abca492c2a4130559c224fe3e76013c722f48f69561516384450191d6a2154

File Size

37,252,339 bytes

Packer Information

N/A

First Seen

15-07-2024

Last Seen

06-11-2024

Aliases

Win32/TrojanDownloader.Agent.GPE

Behavior Details

1. Dropped file:
     be5f9dcc10b09266fab2.dat.tmp
   Under the folder:
     C:\Users\<user_name>\AppData\Local\Temp\is-A319R.tmp

2. Dropped file:
     _setup64.tmp
   Under the folder:
     C:\Users\<user_name>\AppData\Local\Temp\is-SAQTH.tmp\_isetup

3. Creates registry data:

   Adds registry data
     |\x00\x00\xcem#\xc2\xbb1\xdb\x01
   Under the key:
     HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\Owner

   Adds registry data
     w\x1f\xabk\x8b=\x02@\xb1\x17\x0b\x0e\xe6\xcfe\xac7r\xf4\x86\x92\xd9\x18|\x96\x90\xfc\x9ad.\x8d\x9b
   Under the key:
     HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\SessionHash

   Adds registry data
     1
   Under the key:
     HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\Sequence

Removal Instructions

1. Update your K7 security product to the latest version.
2. Scan the system completely and remove the detected files.
3. Open the Windows Registry Editor.
4. Delete the registry data
     |\x00\x00\xcem#\xc2\xbb1\xdb\x01
   Under the key:
     HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\Owner

5. Delete the registry data
     w\x1f\xabk\x8b=\x02@\xb1\x17\x0b\x0e\xe6\xcfe\xac7r\xf4\x86\x92\xd9\x18|\x96\x90\xfc\x9ad.\x8d\x9b
   Under the key:
     HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\SessionHash

6. Delete the registry data
     1
   Under the key:
     HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\Sequence

7. Close the Windows Registry Editor.
8. Restart the machine.