Categories: Trojan

TrojanDropper:Win32/Delf.W removal guide

The TrojanDropper:Win32/Delf.W is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What TrojanDropper:Win32/Delf.W virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine TrojanDropper:Win32/Delf.W?


File Info:
name: 2D08AEB89D751F60FAA1.mlwpath: /opt/CAPEv2/storage/binaries/b0045d07e93a0073a9cb6465d58c7de6befc7ffa35a128e14a4d049d8600e62dcrc32: 742BB21Emd5: 2d08aeb89d751f60faa188e08da876c4sha1: 099e892a34265444a2813ff09974b5a9b26af199sha256: b0045d07e93a0073a9cb6465d58c7de6befc7ffa35a128e14a4d049d8600e62dsha512: 3c64a60d5f328bf498497563189c29fc5cd5069c06967f241642a9a6bca872510f93ba7fab67791ee6f6c376973bb345b76bdc7270a536a84a414b6db362571assdeep: 1536:l/qzLwkYhJqyfjH4tPvOKMADe4QV0tNIc/tBxug0RY5xDkAoRAU8:lSzkrhJqajH4tPvnZQVbc/tTu1O5OACytype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1DA93CF8F750534F6E5333C32A4C3834AAA35FD77B43C3019FF4965CBA9A518239A9A21sha3_384: 4d3b88bbb9b63a38e823341278bfb3a3e796bebc82f677e8ac76c3415e3c5ab63368e01c9e82ab790633138cb801890dep_bytes: 558bec83c4f0b8c8310020e8b4eafffftimestamp: 1992-06-19 22:22:17
Version Info:
0: [No Data]

TrojanDropper:Win32/Delf.W also known as:

Bkav	W32.AIDetectMalware
tehtris	Generic.Malware
MicroWorld-eScan	Trojan.Crypt.BH
FireEye	Generic.mg.2d08aeb89d751f60
CAT-QuickHeal	Trojan.Delfinject.17618
McAfee	BackDoor-CEP.w
Malwarebytes	MachineLearning/Anomalous.100%
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0055e3df1 )
BitDefender	Trojan.Crypt.BH
K7GW	Trojan ( 0055e3df1 )
CrowdStrike	win/malicious_confidence_100% (W)
Cyren	W32/Backdoor.WPAG-0419
Symantec	Trojan.Packed.5
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/TrojanDropper.Delf.NCD
TrendMicro-HouseCall	BKDR_DELF.BSG
ClamAV	Win.Trojan.Delf-687
Kaspersky	Packed.Win32.CPEX-based.t
NANO-Antivirus	Trojan.Win32.CPEXbased.wsxv
ViRobot	Backdoor.Win32.Delf.343552
Rising	Backdoor.Delf.vwk (CLASSIC)
Sophos	Mal/Behav-328
F-Secure	Backdoor.BDS/Delf.atg
DrWeb	BackDoor.Bifrost.998
VIPRE	Trojan.Crypt.BH
TrendMicro	BKDR_DELF.BSG
McAfee-GW-Edition	BehavesLike.Win32.Generic.mc
Trapmine	malicious.high.ml.score
CMC	Generic.Win32.2d08aeb89d!CMCRadar
Emsisoft	Trojan.Crypt.BH (B)
Ikarus	Trojan.Win32.Buzus
GData	Trojan.Crypt.BH
Jiangmin	Backdoor/Delf.arf
Google	Detected
Avira	BDS/Delf.atg
Antiy-AVL	Trojan[Packed]/Win32.CPEX-based.t
Xcitium	TrojWare.Win32.TrojanDropper.Delf.~F@hp7m
Arcabit	Trojan.Crypt.BH
ZoneAlarm	Packed.Win32.CPEX-based.t
Microsoft	TrojanDropper:Win32/Delf.W
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Xema.C14830
BitDefenderTheta	AI:Packer.A197FDBA1E
MAX	malware (ai score=87)
DeepInstinct	MALICIOUS
VBA32	Malware-Cryptor.Win32.Cigicigi
Cylance	unsafe
Panda	Generic Malware
APEX	Malicious
Tencent	Malware.Win32.Gencirc.10b0d7cf
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/DELFINJECT.A!tr
AVG	Win32:Delf-AUS [Trj]
Cybereason	malicious.89d751
Avast	Win32:Delf-AUS [Trj]