K7 Detection Name | Affected OS | Prevalence | AV Definition Version |
---|---|---|---|
Trojan ( 005794081 ) | Windows | Low | 12.190.53413 |
Attribute | Value |
---|---|
MD5 | aa5ac17849c9ba89ffd713a8ba6e75ad |
SHA256 | fc8d2c424b28f37371e81e5c8e4780b739ce85ed79429ddae6f740381541ff5b |
File Size | 162,816 bytes |
Packer Information | N/A |
First Seen | 28-09-2024 |
Last Seen | 22-01-2025 |
Aliases | Win32/Packed.ExeScript.J |
Behavior Details

1. Dropped files, under the folder `C:\Program Files\Common Files\System\msadc`:
   - Untitled1.bat
   - Microsoft.Bat
2. Creates registry entries:
   - Adds the registry data `gpnbdin.in.bd@gmail.com` under the key `HKEY_CURRENT_USER\Software\Grass Valley\EDIUSID\1`
   - Adds the registry data `957A83A94D7C7E5FC2DBE43FCDD6E46834D5D902C511A4F82DFF09707CD1A6A3C9401F5AC69AA48857931E4519550735A10E41DDAE3A441FFC6A76D698AA156C` under the key `HKEY_CURRENT_USER\Software\Grass Valley\EDIUSID\2`
Removal Instructions

1. Update your copy of K7 security to the latest version.
2. Scan the system completely and remove the detected files.
3. Open the Windows registry editor.
4. Delete the registry data `gpnbdin.in.bd@gmail.com` under the key `HKEY_CURRENT_USER\Software\Grass Valley\EDIUSID\1`.
5. Delete the registry data `957A83A94D7C7E5FC2DBE43FCDD6E46834D5D902C511A4F82DFF09707CD1A6A3C9401F5AC69AA48857931E4519550735A10E41DDAE3A441FFC6A76D698AA156C` under the key `HKEY_CURRENT_USER\Software\Grass Valley\EDIUSID\2`.
6. Close the Windows registry editor.
7. Restart the machine.