K7 Detection Name

Trojan ( 005ba9df1 )

Affected OS

Windows

Prevalence

Low

AV Definition Version

12.189.53322

MD5

1d2284a560a1680956f8e8f2306634f7

SHA256

8c5dd0ef94395999066dc28edd48fbd5532190039440eecd0d1866a9deb4c6d4

File Size

923,136 bytes

Packer Information

N/A

First Seen

19-09-2024

Last Seen

14-10-2024

Aliases

MSIL/Kryptik.AMIH

Behavior Details

1. Dropped files:
     GDIPFONTCACHEV1.DAT
  Under the folder
       C:\Users\<user_name>\AppData\Local

2. Dropped files:
     iCGJaf.exe
  Under the folder
       C:\Users\<user_name>\AppData\Roaming

3. Dropped files:
     tmpD1DC.tmp
  Under the folder
       C:\Users\<user_name>\AppData\Local\Temp

4. Dropped files:
     Windows PowerShell.lnk
  Under the folder
       C:\Users\<user_name>\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell

5. Dropped files:
     FFXQLABVVDKLMREVHVZE.temp
     d93f411851d7c929.customDestinations-ms
     AECFO2PXBOSQATPIDM9X.temp
  Under the folder
       C:\Users\<user_name>\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations

6. Dropped files:
     iCGJaf
  Under the folder
       C:\Windows\sysnative\Tasks\Updates

7. Dropped files:
     RecentFileCache.bcf
  Under the folder
       C:\Windows\appcompat\Programs

8. Creates Registry:

  Adds registry data
     0

  Under the key:
	 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet

  Adds registry data
     1

  Under the key:
	 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect

Removal Instructions

1. Update your copy of K7 Security to the latest version.
2. Scan the system completely and remove the detected files.
3. Open Windows registry editor.
4. Delete the registry data
     0

   Under the key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet

5. Delete the registry data
     1

   Under the key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
6. Close the Windows registry editor.
7. Restart the machine.