K7 Detection Name

Trojan-Downloader ( 0057994f1 )

Affected OS

Windows

Prevalence

Low

AV Definition Version

12.124.50165
MD5

0099a99f5ffb3c3ae78af0084136fab3

SHA256

919ae827ff59fcbe3dbaea9e62855a4d27690818189f696cfb5916a88c823226

File Size

428,544 bytes

Packer Information

NA

First Seen

10-11-2023

Last Seen

20-04-2024

Aliases

TrojanDownloader.Amadey.A

Behavior Details

1. Dropped files:
     Report.wer.tmp
     Report.wer
  Under the folder
       C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_e317d1ce19fa961dfda531fc4a2c595260922c_cab_052972aa
  Note: this is the Windows Error Reporting queue. The report is written by the WER service when the sample faults during execution, so these two files are an execution artifact rather than a payload.

2. Opens a device object (recorded by the sandbox as a file create):
     Endpoint
  Under
       \Device\Afd

3. Opens a device object (recorded by the sandbox as a file create):
     RasAcd
  Under
       \Device
  Note: \Device\Afd\Endpoint is the Winsock Ancillary Function Driver (a socket being created) and \Device\RasAcd is the RAS Automatic Connection Driver. Nothing is written to disk; the sample is setting up network connections, which is consistent with its downloader role.

4. Dropped files:
     ValidationTask
     ValidationTaskDeadline
  Under the folder
       C:\Windows\sysnative\Tasks\Microsoft\Windows\Windows Activation Technologies
  Note: "sysnative" is the alias through which a 32-bit process reaches the 64-bit System32, so the on-disk location is C:\Windows\System32\Tasks\... . The files are scheduled-task definitions of built-in Windows tasks; the Task Scheduler service rewrites these itself, so compare them with the task's XML (schtasks /Query /TN <task> /XML) before attributing the write to the sample.

5. Dropped files:
     0099a99f5ffb3c3ae78a.dat.exe
  Under the folder
       C:\Windows\sysnative\Tasks
  Note: this is a copy of the sample itself (on disk: C:\Windows\System32\Tasks). The file name is the sandbox's name for the submitted file, the first 20 characters of its MD5, so on an infected host the copy may carry a different name; match on hash and size rather than on name.

6. Dropped files:
     Uploader
  Under the folder
       C:\Windows\sysnative\Tasks\Microsoft\Windows\Customer Experience Improvement Program
  Note: same caveat as item 4; this is a built-in scheduled-task definition file.

7. Creates Registry:

  Sets the value
     Startup

  Under the key:
	 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

  To the data
     C:\Users\<user_name>\AppData\Local\Temp\

  Note: this is the persistence mechanism. Explorer reads the location of the user's Startup folder from this value (Windows default: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup). Redirecting it to Temp makes Windows launch everything in the user's Temp directory at every logon, including anything the downloader later places there, without adding a Run key or a scheduled task.

  Sets the value
     UNCAsIntranet

  Under the key:
	 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

  To the data
     0

  Sets the value
     AutoDetect

  Under the key:
	 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

  To the data
     1

  Note: the two ZoneMap values are Internet Explorer security-zone settings that commonly appear in sandbox reports of anything using WinINet for HTTP. They fit the sample downloading over WinINet but are not specific to this family and should not be used as the sole indicator.

Removal Instructions

1. Update the copy of K7 security to the latest version.
2. Scan the system completely and remove the detected files.
3. Open the Windows Registry Editor (regedit.exe).
4. Restore the Startup shell folder. Under the key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
   the value Startup currently holds the data
     C:\Users\<user_name>\AppData\Local\Temp\
   Do not just delete the value; set it back to the Windows default (type REG_EXPAND_SZ):
     %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
   Then review C:\Users\<user_name>\AppData\Local\Temp\ and remove any executables, scripts or shortcuts the downloader left there: while the redirection was in place, all of them were launched at every logon.

5. Delete the value UNCAsIntranet (data 0)

   Under the key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

6. Delete the value AutoDetect (data 1)

   Under the key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
   (Both are Internet Explorer zone settings; removing them is harmless.)
7. Close the Registry Editor.
8. Restart the machine.
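As an added example, not K7's code and not part of the original listing, the following PowerShell helper performs the checks and the registry repair from the Behavior Details and Removal Instructions above on a live host: it hashes size-matched candidates against the SHA256 on this page, reads the Startup shell-folder value unexpanded so the redirection to Temp can be told apart from the default, lists what was being auto-started through the redirected folder, and restores the Windows default value instead of deleting it. The function names, the two search directories and the extension list are assumptions made here; the hash, size, paths and registry values come from the page, and the default Startup path is the standard Windows value. Run it in an elevated PowerShell.

```powershell
# Added triage/remediation helper for the indicators on this page (Amadey downloader).
# Not K7's code. Hash, size, paths and registry values are the ones the page lists;
# function names, search directories and the extension list are assumptions.

$Ioc = @{
    Sha256 = '919ae827ff59fcbe3dbaea9e62855a4d27690818189f696cfb5916a88c823226'
    Size   = 428544
}
$UsfKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
# Windows default for the per-user Startup folder, stored as REG_EXPAND_SZ.
$DefaultStartup = '%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'

function Get-StartupRedirect {
    # Read the Startup value WITHOUT expanding %USERPROFILE%, so the default and a
    # literal C:\Users\<name>\AppData\Local\Temp\ can be distinguished.
    $key = Get-Item -LiteralPath $UsfKey
    $raw = $key.GetValue('Startup', $null, 'DoNotExpandEnvironmentNames')
    $expanded = $null
    if ($raw) { $expanded = [Environment]::ExpandEnvironmentVariables($raw) }
    [pscustomobject]@{
        Raw        = $raw
        Expanded   = $expanded
        Redirected = ($null -ne $raw) -and ($raw -ine $DefaultStartup)
    }
}

function Find-SampleCopies {
    # The page lists the copy under C:\Windows\sysnative\Tasks; "sysnative" is the
    # 32-bit view of System32, so the on-disk location is System32\Tasks. Temp is
    # searched too because the redirected Startup folder points there.
    # Match on size first (cheap), then on SHA256; never on the file name.
    $dirs = @("$env:SystemRoot\System32\Tasks", "$env:LOCALAPPDATA\Temp")
    foreach ($dir in $dirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -File -Force -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_.Length -eq $Ioc.Size } |
            Where-Object { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash -ieq $Ioc.Sha256 }
    }
}

function Get-StartupFolderContents {
    # Everything in the folder the Startup value currently points at is launched at
    # logon; while the redirect is active that folder is the user's Temp directory.
    $info = Get-StartupRedirect
    if ($info.Expanded -and (Test-Path -LiteralPath $info.Expanded)) {
        Get-ChildItem -LiteralPath $info.Expanded -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in '.exe', '.dll', '.bat', '.cmd', '.vbs', '.js', '.ps1', '.lnk' }
    }
}

function Repair-StartupRedirect {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $info = Get-StartupRedirect
    if ($info.Redirected) {
        if ($PSCmdlet.ShouldProcess("$UsfKey\Startup", "restore default from '$($info.Raw)'")) {
            # Restore rather than delete, so the user's real Startup folder is back in use.
            Set-ItemProperty -LiteralPath $UsfKey -Name 'Startup' -Value $DefaultStartup -Type ExpandString
        }
    } else {
        Write-Verbose 'Startup shell folder is already the Windows default.'
    }
    # The two ZoneMap values are IE zone settings; removing them is harmless.
    foreach ($name in 'UNCAsIntranet', 'AutoDetect') {
        if ($PSCmdlet.ShouldProcess("$ZoneKey\$name", 'remove')) {
            Remove-ItemProperty -LiteralPath $ZoneKey -Name $name -ErrorAction SilentlyContinue
        }
    }
}

# Report first, then remediate; -WhatIf shows what would change without touching the registry.
Get-StartupRedirect | Format-List
Find-SampleCopies | Select-Object FullName, Length, LastWriteTime
Get-StartupFolderContents | Select-Object FullName, LastWriteTime
# Repair-StartupRedirect -WhatIf
# Repair-StartupRedirect
```

Run the three reporting calls before the repair and keep their output: a non-default Startup value together with executables in Temp is the evidence that the redirection was live, and the hash match on a size-filtered candidate is what ties a copy to this sample regardless of the name it was given on the host.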