| K7 Detection Name | Affected OS | Prevalence | AV Definition Version |
|---|---|---|---|
| Trojan ( 005ba9df1 ) | Windows | Low | 12.189.53322 |
| MD5 | 1d2284a560a1680956f8e8f2306634f7 |
| SHA256 | 8c5dd0ef94395999066dc28edd48fbd5532190039440eecd0d1866a9deb4c6d4 |
| File Size | 923,136 bytes |
| Packer Information | N/A |
| First Seen | 19-09-2024 |
| Last Seen | 14-10-2024 |
| Aliases | MSIL/Kryptik.AMIH |
Behavior Details
1. Dropped files:
GDIPFONTCACHEV1.DAT
Under the folder
C:\Users\<user_name>\AppData\Local
2. Dropped files:
iCGJaf.exe
Under the folder
C:\Users\<user_name>\AppData\Roaming
3. Dropped files:
tmpD1DC.tmp
Under the folder
C:\Users\<user_name>\AppData\Local\Temp
4. Dropped files:
Windows PowerShell.lnk
Under the folder
C:\Users\<user_name>\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
5. Dropped files:
FFXQLABVVDKLMREVHVZE.temp
d93f411851d7c929.customDestinations-ms
AECFO2PXBOSQATPIDM9X.temp
Under the folder
C:\Users\<user_name>\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
6. Dropped files:
iCGJaf
Under the folder
C:\Windows\sysnative\Tasks\Updates
7. Dropped files:
RecentFileCache.bcf
Under the folder
C:\Windows\appcompat\Programs
8. Creates Registry:
Adds registry data
0
Under the key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
Adds registry data
1
Under the key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
Removal Instructions
1. Update the copy of K7 security to the latest version.
2. Scan the system completely and remove the detected files.
3. Open Windows registry editor.
4. Delete the registry data
0
Under the key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
5. Delete the registry data
1
Under the key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
6. Close the Windows registry.
7. Restart the machine.