| K7 Detection Name | Affected OS | Prevalence | AV Definition Version |
|---|---|---|---|
| Trojan ( 005a01531 ) | Windows | Low | 12.72.47285 |
| MD5 | a42a3d1638d4a32f0c31db6ed7735d34 |
| SHA256 | c8d3029b521e37a8b60f97ccd34fa63c487979038b9846f8c50387b5c80d9a30 |
| File Size | 514,472 bytes |
| Packer Information | N/A |
| First Seen | 15-03-2023 |
| Last Seen | 14-07-2023 |
| Aliases | Win32/Kryptik.HSZA |
Behavior Details
1. Creates Registry:
Adds registry data
C:\Users\John\AppData\Local\Temp\a42a3d1638d4a32f0c31.dat.exe
Under the key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\a42a3d1638d4a32f0c31.dat.exe
Removal Instructions
1. Update the copy of K7 security to the latest version.
2. Open Windows registry editor.
3. Delete the registry data
C:\Users\John\AppData\Local\Temp\a42a3d1638d4a32f0c31.dat.exe
Under the key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\a42a3d1638d4a32f0c31.dat.exe
4. Close the Windows registry.
5. Restart the machine.