W32/QQHelper.KX!tr.dldr

Analysis

  • The malware drops the following files:
    • %SystemDir%\-10895.exe
    • run.exe (dropped in the current folder where the original sample is executed)
  • The malware applies the following registry modification, registering the dropped executable as an authorized application in the Windows Firewall policy:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\
      %SystemDir%\-10895.exe = "%SystemDir%\-10895.exe:*:Enabled:"
  • Known samples range in size from approximately 66560 to 132096 bytes, since many slight variants exist in the wild; they are usually compressed using UPX.
Recommended Action

  • FortiGate systems:
    • Check the main screen using the web interface to ensure the latest AV/NIDS database has been downloaded and installed -- if required, enable the "Allow Push Update" option.
  • FortiClient systems:
    • Quarantine/delete infected files detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

    Product                     Availability
    FortiGate                   Extreme
    FortiClient                 Extended
    FortiMail                   Extended
    FortiSandbox                Extended
    FortiWeb                    Extended
    Web Application Firewall    Extended
    FortiIsolator               Extended
    FortiDeceptor               Extended
    FortiEDR

Version Updates

    Date         Version     Detail
    2024-04-15   92.03397
    2024-02-25   92.01912
    2023-10-24   91.08167
    2023-09-15   91.06976
    2022-11-01   90.07437
    2022-09-10   90.05866
    2022-06-28   90.03672
    2022-04-19   90.01533
    2021-07-20   87.00765
    2021-05-07   85.00990