| K7 Detection Name | Affected OS | Prevalence | AV Definition Version |
|---|---|---|---|
| Trojan ( 005429a61 ) | Windows | High | 12.128.50334 |
| MD5 | a2bfe816f6c74ef2739ea1aaf1a8b584 |
| SHA256 | 24d33ff73c3f2dd24fdf6c1bc92a57371070ff530564ef3e81bf096cfafbda84 |
| File Size | 38,400 bytes |
| Packer Information | N/A |
| First Seen | 28-11-2023 |
| Last Seen | 18-02-2025 |
| Aliases | Win32/Agent.TZB |
Behavior Details
1. Dropped files:
SQMHelper
Under the folder
\Device\Afd
2. Creates Registry:
Adds registry data
223.5.5.5,8.8.8.8
Under the key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{D572B176-8ECB-491D-9424-FA4466CA813B}\NameServer
Removal Instructions
1. Update the copy of K7 security to the latest version.
2. Scan the system completely and remove the detected files.
3. Open Windows registry editor.
4. Delete the registry data
223.5.5.5,8.8.8.8
Under the key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{D572B176-8ECB-491D-9424-FA4466CA813B}\NameServer
5. Close the Windows registry.
6. Restart the machine.