What is “Backdoor.Win32.Delf.lz”?

The Backdoor.Win32.Delf.lz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Delf.lz virus do?

  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Attempts to connect to a dead IP:Port (21748 unique times)
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A process attempted to delay the analysis task by a long amount of time
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

How to identify Backdoor.Win32.Delf.lz?

File Info:

name: 7442D63F70048AD4F7B4.mlw
path: /opt/CAPEv2/storage/binaries/0ef03babc6556b22f03d017d2d8755b3c06861af2ecf08da5925084a6d716e5b
crc32: FFA1CEDA
md5: 7442d63f70048ad4f7b4d5039b0a98b4
sha1: d05b44f161b1a0f2a692fdbd407903649ea7c6ea
sha256: 0ef03babc6556b22f03d017d2d8755b3c06861af2ecf08da5925084a6d716e5b
sha512: 45d1f1c65357c8687f8f2ff0acacbcde35b1c1a02c3c806afcddd9cafba40280a1f279645d6f982e10b85356ca7bd5d3e6a507420ec8743e2d433abb4c00fa55
ssdeep: 12288:I28PZT3YZ9okuA9oBSrnAfCp2kodolCKucawfhnSryAP2ZxhUXWHXJvPiSo5Xw:jJZua9ob7ko+lCKuW6rQBPVo5g
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E6456C0DB2980C94C337D139A553CB06F2B1BC108B1296DB516962BF2F77DE869BDB12
sha3_384: e79d69944af76e9e6df8e9bac4bf3ffab2451329258dc396790d78f31c0d4d123230ac4167c6f0fe240a018e54336f77
ep_bytes: 558bec83c4ec33c08945ecb8208c4000
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Backdoor.Win32.Delf.lz is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Dropped:Trojan.GenericKD.31231822
FireEye: Generic.mg.7442d63f70048ad4
McAfee: W32/Keco.worm.gen
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 004bcce41 )
BitDefender: Dropped:Trojan.GenericKD.31231822
K7GW: Trojan ( 004bcce41 )
Cybereason: malicious.f70048
Baidu: Win32.Trojan-Dropper.Agent.ad
Cyren: W32/Delfloader.B.gen!Eldorado
Symantec: W32.HLLP.Yero.Worm.dr
ESET-NOD32: a variant of Win32/LunaStorm.D
APEX: Malicious
ClamAV: Win.Worm.Fesber-7
Kaspersky: Backdoor.Win32.Delf.lz
NANO-Antivirus: Trojan.Win32.Fesber.fjhfvl
Rising: Worm.Win32.Fesber.e (CLASSIC)
Ad-Aware: Dropped:Trojan.GenericKD.31231822
Sophos: Mal/Generic-R
Comodo: TrojWare.Win32.TrojanDownloader.Delf.gen@1xqow5
DrWeb: Win32.HLLW.FSB
Zillya: Backdoor.Delf.Win32.19961
TrendMicro: WORM_YERO.A
McAfee-GW-Edition: BehavesLike.Win32.Sytro.th
Emsisoft: Dropped:Trojan.GenericKD.31231822 (B)
SentinelOne: Static AI – Malicious PE
GData: Dropped:Trojan.GenericKD.31231822
Jiangmin: Backdoor/Delf.bwp
Avira: WORM/Fesber
Antiy-AVL: Worm/Win32.Fesber.g
Arcabit: Trojan.Generic.D1DC8F4E
ZoneAlarm: Backdoor.Win32.Delf.lz
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Xema.C35566
Acronis: suspicious
BitDefenderTheta: AI:Packer.E2C98C5420
ALYac: Dropped:Trojan.GenericKD.31231822
MAX: malware (ai score=82)
VBA32: BScope.Backdoor.Agent
Malwarebytes: Malware.AI.3973187812
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: WORM_YERO.A
Tencent: Malware.Win32.Gencirc.10b3de7c
Yandex: Trojan.GenAsa!rbAcHlWfCJ4
eGambit: Unsafe.AI_Score_100%
Fortinet: W32/Delf.NRF!tr
AVG: Win32:Agent-AVCC [Trj]
Avast: Win32:Agent-AVCC [Trj]
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.1943155.susgen

How to remove Backdoor.Win32.Delf.lz?

Backdoor.Win32.Delf.lz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.