Delf.25 removal

Delf.25 is a detection name (in full, Gen:Variant.Delf.25, the BitDefender-engine family name that several other vendors reuse) for a packed Windows executable that most of the engines listed below flag as malicious. While the sample runs you may see an unfamiliar process in Task Manager, but do not rely on the name shown: the file carries version information copied from Avira's AntiVir on-demand scanner (avscan.exe), so at a glance it can pass as a legitimate security tool. Identify it by the file hashes given below, and if you suspect an infection, scan the machine with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand can take hours and, if the wrong files are deleted, can damage the Windows installation. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
6-day free trial available.

What does the Delf.25 sample do?

These are the CAPE sandbox signatures that fired on the sample. They describe static traits and anti-analysis behaviour seen in one run, not the full payload.

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature, but the signature is invalid: it does not verify, which together with the borrowed Avira version information makes the file look signed without being trustworthy
  • Reads data out of its own binary image (typical of packers and droppers that carry an embedded payload)
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Arabic (Egypt)
  • The binary contains an unknown PE section name indicative of packing
  • Checks for the presence of known devices from debuggers and forensic tools (an anti-analysis check for device names registered by kernel debuggers and similar tools)

How to identify Delf.25?

Match a suspect file against the hashes below; sha256 is the one to use, md5 and sha1 are listed for cross-referencing older reports. Two header details are worth knowing. The entry-point bytes 55 8B EC 83 C4 F0 B8 .. .. .. .. E8 .. .. .. .. (push ebp / mov ebp,esp / add esp,-0x10 / mov eax,imm32 / call) are the standard prologue of a Delphi-compiled program, which is where the "Delf" family name comes from. The version resource claims to be Avira's avscan.exe 10.03.00.07 with a copyright running to 2010, yet the PE compile timestamp is 2002 and the Authenticode signature does not verify, so the metadata is borrowed, not genuine.

File Info:

name: 9CFE11BD7B86DFF4C154.mlw
path: /opt/CAPEv2/storage/binaries/4ffe1f9fba23a74a1d8e85e6b11ca26e6ab912218e97cd99e0b4e4b8418d09dc
crc32: A9F840C0
md5: 9cfe11bd7b86dff4c154acddf15d5381
sha1: 0a17d5fdb117fac433590ea09fd5c81d53e50d0a
sha256: 4ffe1f9fba23a74a1d8e85e6b11ca26e6ab912218e97cd99e0b4e4b8418d09dc
sha512: 7c42d072909ea9c5367e920a7513d7a020c6d52bd89a9af114af4b1d628d6f7eb123a509fa7257aa950930c70a8bae120411d42d7b9de4a7f46b9ec0ddf87b83
ssdeep: 3072:U0Dd2oGH7ei2UwolchyFrfLmm4IpDX8/ByE0Bl51WAcri:U0J2oiCi2ULlchy1M/BypZCO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C7247B7ED72F5372FAE3CAF744AC67158B276D8E092B714860D9207B487E98C385A10D
sha3_384: b3eec39ba5be2e9cff803ba5ef13e1957d44285ac529633b1cdddb986e063ec96e05612833366d2fc0ea0e5ef223c3ff
ep_bytes: 558bec83c4f0b864934000e85896ffff
timestamp: 2002-05-15 17:50:16

Version Info:

InternalName: avscan
ProductName: AntiVir Desktop
CompanyName: Avira GmbH
LegalCopyright: Copyright © 2000 - 2010 Avira GmbH. All rights reserved.
ProductVersion: 10.03.00.07
FileDescription: On-Demand Scanner
LegalTrademarks: AntiVir® is a registered trademark of Avira GmbH, Germany.
FileVersion: 10.03.00.07
OriginalFilename: avscan.exe
Translation: 0x0409 0x04b0
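
As an added example (not code from this page or from GridinSoft), the following Python script performs the checks described above on a file: it computes the hashes and compares them with the IOCs listed, parses the PE headers using only the standard library, reads the entry-point bytes and flags the Delphi prologue, lists section names and reports any that are not standard compiler names, and decodes the compile timestamp. The PE image it builds for demonstration is constructed inline and is not the Delf.25 binary; the "common section names" set and the non-standard-name heuristic are this example's assumptions, loosely mirroring the CAPE "unknown PE section name" signature.

```python
"""Static triage of a suspect PE against the indicators on this page.

Added example; not code from the page or from GridinSoft. Standard library only.
The image built by build_sample_pe() is CONSTRUCTED for demonstration and is not
the Delf.25 binary, so its hashes will not match the IOCs below.
"""
import datetime
import hashlib
import struct

# Indicators transcribed from the File Info section above.
KNOWN_SHA256 = {"4ffe1f9fba23a74a1d8e85e6b11ca26e6ab912218e97cd99e0b4e4b8418d09dc"}
KNOWN_MD5 = {"9cfe11bd7b86dff4c154acddf15d5381"}
# Standard Delphi entry prologue: push ebp; mov ebp,esp; add esp,-0x10; mov eax,imm32 ...
DELPHI_PROLOGUE = bytes.fromhex("558bec83c4f0b8")
# Section names normally emitted by MSVC and Borland/Delphi linkers (assumption: anything
# else is reported as a packer hint).
COMMON_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc",
                   ".bss", ".tls", ".pdata", "CODE", "DATA", "BSS"}


def parse_pe(data):
    """Parse the DOS stub pointer, COFF header, optional header and section table of a PE32."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, = struct.unpack_from("<H", data, opt)
    entry_rva, = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    sections, table = [], opt + opt_size
    for i in range(nsections):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vaddr": vaddr, "vsize": vsize, "rptr": rptr, "rsize": rsize})
    return {"machine": machine, "magic": magic, "timestamp": timestamp,
            "entry_rva": entry_rva, "sections": sections}


def rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset via the section table."""
    for s in sections:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rsize"]):
            return rva - s["vaddr"] + s["rptr"]
    return None


def triage(data):
    """Hashes, header facts and a findings list for one file's bytes."""
    hashes = {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}
    pe = parse_pe(data)
    ep_off = rva_to_offset(pe["entry_rva"], pe["sections"])
    ep_bytes = data[ep_off:ep_off + 16] if ep_off is not None else b""
    findings = []
    if hashes["sha256"] in KNOWN_SHA256 or hashes["md5"] in KNOWN_MD5:
        findings.append("hash matches Delf.25 IOC")
    if ep_bytes.startswith(DELPHI_PROLOGUE):
        findings.append("Delphi entry prologue")
    odd = [s["name"] for s in pe["sections"] if s["name"] not in COMMON_SECTIONS]
    if odd:
        findings.append("non-standard section names: " + ", ".join(odd))
    when = datetime.datetime.fromtimestamp(pe["timestamp"], datetime.timezone.utc)
    return {"hashes": hashes, "entry_rva": pe["entry_rva"], "ep_bytes": ep_bytes.hex(),
            "timestamp_utc": when.strftime("%Y-%m-%d %H:%M:%S"),
            "sections": [s["name"] for s in pe["sections"]], "findings": findings}


def build_sample_pe(timestamp=1021485016, entry_code=bytes.fromhex("558bec83c4f0b864934000e85896ffff")):
    """Constructed two-section PE32 (not the real sample): a Delphi-style CODE section holding
    the page's entry bytes, a packer-style UPX1 section, and the page's compile timestamp."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    secs = [(b"CODE", 0x1000), (b"UPX1", 0x2000)]
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), timestamp, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 2, 25, 0x200, 0x200, 0, 0x1000, 0x1000, 0x2000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0,
                       0, 0x3000, 0x200, 0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128                                               # 16 empty data directories
    table, rptr = b"", 0x200
    for name, vaddr in secs:
        table += struct.pack("<8sIIIIIIHHI", name, 0x200, vaddr, 0x200, rptr, 0, 0, 0, 0, 0x60000020)
        rptr += 0x200
    image = dos + b"PE\0\0" + coff + opt + table
    image += b"\0" * (0x200 - len(image))                           # pad headers to FileAlignment
    image += entry_code + b"\xcc" * (0x200 - len(entry_code))       # CODE section at RVA 0x1000
    image += b"\0" * 0x200                                           # UPX1 section at RVA 0x2000
    return image


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(data).items():
        print(f"{key}: {value}")
```

Run it with a file path to triage a real sample, or with no arguments to see the constructed image reported with the page's entry bytes, the 2002-05-15 timestamp, and UPX1 flagged as a non-standard section. A hash match is the only finding that identifies Delf.25 specifically; the prologue and section heuristics fire on any packed Delphi program and are there to explain why engines label the sample "Delf".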

Delf.25 also known as:

Detection names reported by other engines for this sample (vendor, then that vendor's detection name). Most are generic packer or heuristic verdicts (Crypt, Kryptik, Generic, HEUR, ML); the identical Gen:Variant.Delf.25 strings come from engines sharing BitDefender signatures and should be read as one opinion. The specific family names are DelfInject (Microsoft, SUPERAntiSpyware, TrendMicro) and Dorkbot, also called NgrBot (ESET, Ikarus, VBA32).

MicroWorld-eScan     | Gen:Variant.Delf.25
ClamAV               | Win.Trojan.Injector-2949
FireEye              | Generic.mg.9cfe11bd7b86dff4
ALYac                | Gen:Variant.Delf.25
Cylance              | Unsafe
VIPRE                | Gen:Variant.Delf.25
Sangfor              | Suspicious.Win32.Save.a
K7AntiVirus          | Trojan ( 7000000f1 )
K7GW                 | Trojan ( 7000000f1 )
Cybereason           | malicious.d7b86d
VirIT                | Trojan.Win32.Zyx.GB
Cyren                | W32/A-f329bdc8!Eldorado
Symantec             | ML.Attribute.HighConfidence
Elastic              | malicious (high confidence)
ESET-NOD32           | Win32/Dorkbot.B
APEX                 | Malicious
Cynet                | Malicious (score: 100)
Kaspersky            | HEUR:Backdoor.Win32.Generic
BitDefender          | Gen:Variant.Delf.25
NANO-Antivirus       | Trojan.Win32.Crypted.gcxam
SUPERAntiSpyware     | Trojan.Agent/Gen-DelfInject
Avast                | Win32:Crypt-ROM [Trj]
Tencent              | Malware.Win32.Gencirc.10b3e72f
Ad-Aware             | Gen:Variant.Delf.25
Emsisoft             | Gen:Variant.Delf.25 (B)
Comodo               | TrojWare.Win32.Kryptik.YDL@4m44uy
DrWeb                | Trojan.BtcMine.25
Zillya               | Trojan.Inject.Win32.23272
McAfee-GW-Edition    | BehavesLike.Win32.Generic.dm
Trapmine             | malicious.high.ml.score
Sophos               | ML/PE-A + Mal/Zbot-FD
SentinelOne          | Static AI – Malicious PE
GData                | Gen:Variant.Delf.25
Avira                | TR/Crypt.XPACK.Gen
Antiy-AVL            | Trojan/Generic.ASMalwS.41
Kingsoft             | Win32.HeurC.KVM011.a.(kcloud)
Arcabit              | Trojan.Delf.25
Microsoft            | VirTool:Win32/DelfInject.Z
Google               | Detected
AhnLab-V3            | Trojan/Win32.MDA.R109535
Acronis              | suspicious
McAfee               | Artemis!9CFE11BD7B86
MAX                  | malware (ai score=80)
VBA32                | Backdoor.NgrBot.6121
TrendMicro-HouseCall | TROJ_DELFINJECT_0000124.TOMA
Rising               | Trojan.Generic@AI.89 (RDML:jz760twclatk4FFgqBYOiw)
Yandex               | Trojan.GenAsa!GLCuJ0pXGOY
Ikarus               | Worm.Win32.Dorkbot
Fortinet             | W32/Kryptik.XYT!tr
BitDefenderTheta     | Gen:NN.ZelphiF.34592.nS0@a8ziK5nG
AVG                  | Win32:Crypt-ROM [Trj]
Panda                | Generic Malware
CrowdStrike          | win/malicious_confidence_100% (W)
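
As a further added example (not from this page or any vendor), the Python below tallies the detection names above into family candidates. It strips platform, class and heuristic tokens, merges NgrBot into Dorkbot (two names for the same family), and counts every remaining token both by distinct detection strings and by vendors, because vendors that share an engine (the identical Gen:Variant.Delf.25 entries, Avast/AVG, the two K7 products) otherwise inflate the vote. The verdict list is transcribed inline from the table above; the noise-token list, the packer-term list and the tokenisation rule are this example's assumptions.

```python
"""Rank multi-engine detection names into family candidates.

Added example; not code from the page or from any vendor. VERDICTS is transcribed
from the detection list above ("Vendor: detection", ';'-separated); NOISE, PACKER
and ALIASES are this example's heuristic assumptions, not any vendor's scheme.
"""
import re
from collections import defaultdict

VERDICTS = """
MicroWorld-eScan: Gen:Variant.Delf.25 ; ClamAV: Win.Trojan.Injector-2949 ; FireEye: Generic.mg.9cfe11bd7b86dff4
ALYac: Gen:Variant.Delf.25 ; Cylance: Unsafe ; VIPRE: Gen:Variant.Delf.25 ; Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 7000000f1 ) ; K7GW: Trojan ( 7000000f1 ) ; Cybereason: malicious.d7b86d
VirIT: Trojan.Win32.Zyx.GB ; Cyren: W32/A-f329bdc8!Eldorado ; Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence) ; ESET-NOD32: Win32/Dorkbot.B ; APEX: Malicious ; Cynet: Malicious (score: 100)
Kaspersky: HEUR:Backdoor.Win32.Generic ; BitDefender: Gen:Variant.Delf.25 ; NANO-Antivirus: Trojan.Win32.Crypted.gcxam
SUPERAntiSpyware: Trojan.Agent/Gen-DelfInject ; Avast: Win32:Crypt-ROM [Trj] ; Tencent: Malware.Win32.Gencirc.10b3e72f
Ad-Aware: Gen:Variant.Delf.25 ; Emsisoft: Gen:Variant.Delf.25 (B) ; Comodo: TrojWare.Win32.Kryptik.YDL@4m44uy
DrWeb: Trojan.BtcMine.25 ; Zillya: Trojan.Inject.Win32.23272 ; McAfee-GW-Edition: BehavesLike.Win32.Generic.dm
Trapmine: malicious.high.ml.score ; Sophos: ML/PE-A + Mal/Zbot-FD ; SentinelOne: Static AI - Malicious PE
GData: Gen:Variant.Delf.25 ; Avira: TR/Crypt.XPACK.Gen ; Antiy-AVL: Trojan/Generic.ASMalwS.41
Kingsoft: Win32.HeurC.KVM011.a.(kcloud) ; Arcabit: Trojan.Delf.25 ; Microsoft: VirTool:Win32/DelfInject.Z
Google: Detected ; AhnLab-V3: Trojan/Win32.MDA.R109535 ; Acronis: suspicious ; McAfee: Artemis!9CFE11BD7B86
MAX: malware (ai score=80) ; VBA32: Backdoor.NgrBot.6121 ; TrendMicro-HouseCall: TROJ_DELFINJECT_0000124.TOMA
Rising: Trojan.Generic@AI.89 (RDML:jz760twclatk4FFgqBYOiw) ; Yandex: Trojan.GenAsa!GLCuJ0pXGOY
Ikarus: Worm.Win32.Dorkbot ; Fortinet: W32/Kryptik.XYT!tr ; BitDefenderTheta: Gen:NN.ZelphiF.34592.nS0@a8ziK5nG
AVG: Win32:Crypt-ROM [Trj] ; Panda: Generic Malware ; CrowdStrike: win/malicious_confidence_100% (W)
"""

# Tokens carrying no family information: platform tags, class words, generic/ML/heuristic verdicts.
NOISE = {"gen", "variant", "generic", "trojan", "trojware", "troj", "backdoor", "worm", "virtool",
         "malware", "malicious", "mal", "suspicious", "unsafe", "detected", "heur", "heurc",
         "static", "attribute", "highconfidence", "high", "confidence", "score", "win", "agent",
         "behaveslike", "kcloud", "trj", "rdml", "artemis"}
# Packer/crypter verdicts describe the wrapper, not the payload family.
PACKER = {"crypt", "crypted", "kryptik", "xpack"}
# NgrBot is the older name for the Dorkbot family.
ALIASES = {"ngrbot": "dorkbot"}


def parse_verdicts(text):
    """Return (vendor, detection) pairs from the ';'-separated transcription."""
    pairs = []
    for line in text.strip().splitlines():
        for entry in line.split(" ; "):
            vendor, _, detection = entry.partition(": ")
            pairs.append((vendor.strip(), detection.strip()))
    return pairs


def family_tokens(detection):
    """Lower-case tokens of a detection name minus noise words, IDs/counters and short tags."""
    tokens = set()
    for tok in re.split(r"[^A-Za-z0-9]+", detection.lower()):
        if len(tok) < 3 or any(c.isdigit() for c in tok) or tok in NOISE:
            continue   # drops hashes, variant counters, hex IDs and one/two-letter suffixes
        tokens.add(ALIASES.get(tok, tok))
    return tokens


def tally(pairs):
    """Per token: (distinct detection strings, distinct vendors), families and packer terms apart."""
    fam, pack = defaultdict(lambda: [set(), set()]), defaultdict(lambda: [set(), set()])
    for vendor, detection in pairs:
        for tok in family_tokens(detection):
            bucket = pack if tok in PACKER else fam
            bucket[tok][0].add(detection)
            bucket[tok][1].add(vendor)
    summarise = lambda d: {k: (len(names), len(vendors)) for k, (names, vendors) in d.items()}
    return summarise(fam), summarise(pack)


def ranked(summary, min_vendors=2):
    """Candidates named by at least min_vendors engines, best supported first."""
    rows = [(tok, names, vendors) for tok, (names, vendors) in summary.items() if vendors >= min_vendors]
    return sorted(rows, key=lambda r: (-r[1], -r[2], r[0]))


def analyse(text=VERDICTS):
    return tally(parse_verdicts(text))


if __name__ == "__main__":
    families, packers = analyse()
    print("family candidates (token, distinct names, vendors):", ranked(families))
    print("packer hints:", ranked(packers, min_vendors=1))
```

On this sample the ranking comes out as delf (3 distinct names, 8 vendors), then delfinject and dorkbot (3 names, 3 vendors each). The token rom reaches two vendors but only one distinct name, the Avast/AVG pair sharing an engine, which is why the distinct-name column is the better consensus measure. Packer terms (crypt, kryptik, xpack) are reported separately because they describe the wrapper rather than the family.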

How to remove Delf.25?

Delf.25 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.