K7 Detection Name

Trojan ( 006de70e1 )

Affected OS

Windows

Prevalence

Low

AV Definition Version

14.35.58564

MD5

180e3d5a7bba737c402c9a1b86bfce2a

SHA256

dfd1251da5da673223fc362f9ea82f9f536ef04c95c70435b7d5a1b7b9106396

File Size

689,920 bytes

Packer Information

N/A

First Seen

11-02-2026

Last Seen

28-05-2026

Aliases

GenCBL.FXW

Behavior Details

1. Creates Registry:
Adds data 10.0.19041.5794 under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\BinProductVersion
Adds data \xb8L\xdd\x1e\x00\x00\x00\x00 under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\Usn
Adds data \x9b\xe7\x9f\x02\x01″\x00\x80\x89u\xb2\x80\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x11\x04\xae\x02\x02\x00\x02\x00\xd8\xd4\xef\x94\x00\x00\x00\x00\x01\x00\x00\x00y\x02\x00\x00*n\xb2\x02\x01\x00\x00\x80\x94\xd0\x9e\xed\x00\x00\x00\x00\x02\x00\x00\x00\x15\x00\x00\x00y\x1a\xb6\x02\x01\x00\x03\x00\x8c\x8b\xe9\x96\x00\x00\x00\x00\x04\x00\x00\x00\x10\x00\x00\x00\x13\xba\xeb\x02\x01\x02\x00\x80\x81\x82\x1a\xcb\x00\x00\x00\x00\x02\x00\x00\x00\x15\x00\x00\x00\x9e\x96\x03\x03\x01K\x00\x80\xc0\xf2\xcc\xa9\x00\x00\x00\x00\xed\x00\x00\x00\x01\x00\x00\x00 under HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\TIP\AggregateResults\data
Adds data 09/22/1991 17:30:22 under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\LinkDate
Adds data rundll32.exe|ccf370e740f0e788 under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\LongPathHash
Adds data 0000ab6ef0e3d1da2c79da027825b971a1897d6d0292 under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\FileId
Adds data 10.0.19041.5794 under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\BinFileVersion
Adds data 0000f519feec486de87ed73cb92d3cac802400000000 under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\ProgramId
Adds data c:\windows\syswow64\rundll32.exe under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\LowerCaseLongPath
Adds data pe32_i386 under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\BinaryType
Adds data rundll32.exe under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\OriginalFileName
Adds data 1 under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\IsOsComponent
Adds data rundll32.exe under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\Name
Adds data 1 under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\WritePermissionsCheck
Adds data 10.0.19041.5794 under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\ProductVersion
Adds data microsoft corporation under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\Publisher
Adds data 10.0.19041.5794 (winbuild.160101.0800) under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\Version
Adds data microsoft\xae windows\xae operating system under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\ProductName
Adds data 1033 under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\Language
Adds data \x00\x1e\x01\x00\x00\x00\x00\x00 under \REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\Size

Removal Instructions

1. Update K7 security to the latest version.
2. Open Windows registry editor and delete the following keys:
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\BinProductVersion
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\Usn
HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\TIP\AggregateResults\data
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\LinkDate
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\LongPathHash
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\FileId
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\BinFileVersion
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\ProgramId
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\LowerCaseLongPath
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\BinaryType
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\OriginalFileName
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\IsOsComponent
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\Name
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\WritePermissionsCheck
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\ProductVersion
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\Publisher
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\Version
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\ProductName
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\Language
\REGISTRY\A\{68672014-98ff-be54-5212-411cb41df6cd}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788\Size
3. Restart the machine.