<< Back to Top Threats
K7 Detection Name Affected OS Prevalence AV Definition Version
Riskware ( 005ce1381 ) Windows Low 14.32.58435
MD5

1d992181338e3779c31f9705557365c9
SHA256

99d0b17d30e12f6a5905a02c2eae3676b32a12a959cdc5cb78b6c83a54a24fe0
File Size

10,997,248 bytes
Packer Information

N/A
First Seen

29-01-2026
Last Seen

31-01-2026
Aliases

Win32/Packed.VMProtect.ACT

Behavior Details

1. Dropped files:
config.ini
Under the folder
C:\Users\\AppData\Roaming\WonderFox Soft\HD Video Converter Factory Pro

2. Dropped files:
ILIST-363F95B1.tmp
ICACHE-15FDB47A.tmp
Under the folder
C:\Users\\AppData\Local\Temp

3. Creates Registry:

Adds registry data
31,31,31,31

Under the key:
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 1024x768x32(BGR 0)

Removal Instructions

1. Update the copy of K7 security to the latest version.
2. Scan the system completely and remove the detected files.
3. Open Windows registry editor.
4. Delete the registry data
31,31,31,31

Under the key:
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 1024x768x32(BGR 0)
5. Close the Windows registry.
6. Restart the machine.