| K7 Detection Name | Affected OS | Prevalence | AV Definition Version |
|---|---|---|---|
| Hacktool ( 005d2b421 ) | Windows | Low | 12.189.53322 |

| MD5 | 64e3b728408137bffd6197fa3ae34312 |
|---|---|
| SHA256 | ecbcb7bcfd7749f2da965963708bf43ca96d87455e9caca87725e8998bce2636 |
| File Size | 1,970,449 bytes |
| Packer Information | N/A |
| First Seen | 19-09-2024 |
| Last Seen | 28-05-2026 |
| Aliases | Agent!MTB |

Behavior Details
1. Creates registry entries:
Adds data 1 under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
Adds data 1 under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
Adds data 0 under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
Adds data 1 under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass

Removal Instructions
1. Update K7 security to the latest version.
2. Open Windows registry editor and delete the following keys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
3. Restart the machine.