| K7 Detection Name | Affected OS | Prevalence | AV Definition Version |
|---|---|---|---|
| Trojan-Downloader ( 006d67e21 ) | Windows | Low | 14.28.58250 |
| MD5 | 3a557b54fefaab739759f4dec2d065d7 |
| SHA256 | 89a63487a28ab7e99863c0160b73fd7931059124e0c3b944c40b999769a7b6a0 |
| File Size | 583,384 bytes |
| Packer Information | N/A |
| First Seen | 10-01-2026 |
| Last Seen | 25-05-2026 |
| Aliases | TrojanDownloader.Agent.CMJ |
Behavior Details
1. Creates Registry:
Adds data 1 under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
Adds data 1 under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
Adds data 0 under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
Adds data 1 under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
Removal Instructions
1. Update K7 security to the latest version.
2. Open Windows registry editor and delete the following keys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
3. Restart the machine.