About “TrojanDropper:Win32/Delfsnif.A” infection

Malware Removal

TrojanDropper:Win32/Delfsnif.A is flagged as malicious by the large majority of antivirus engines (see the detection names listed further down). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; it allows a complete scan and clean-up of your PC during the trial period.
6-day free trial available.

What can TrojanDropper:Win32/Delfsnif.A do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself
  • Created a service that was not started
  • Anomalous binary characteristics

Related domains:

edgedl.me.gvt1.com

Note that gvt1.com is a Google-owned download CDN (edgedl.me.gvt1.com serves Chrome and other Google component updates), so a connection to it during sandbox execution is most likely background system traffic rather than attacker infrastructure. Do not treat it as a blocklist indicator on this evidence alone; use the file hashes below for matching.

How to identify TrojanDropper:Win32/Delfsnif.A?

File Info:

crc32: 783C59FD
md5: 7bade709593ad1bba67497075e5964ed
name: 7BADE709593AD1BBA67497075E5964ED.mlw
sha1: 94065461cd959c12b46919b0fc45635818d55f60
sha256: 92b34dd054041d4e7805f577d636556521e175a0d32464d068a96794b9977728
sha512: bad9d6528a3f26e1b2fbf59c90b4b82de6a8d3299566b2f5845c34d64d4ce6b5fb4606c3f75ea53016b9c20450068f151c9885e22554174e379fe0abef9848fc
ssdeep: 12288:l7iNikzMMnaJMxkpysdNr9/BI15fTXz4mmdrS+6neJCCzf0:5iokzhaJMW18TXk3rS+6neJlT0
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]
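As an added example (this is not code from the page or from GridinSoft), the following Python script reproduces the File Info block for a suspect file: it computes the same crc32/md5/sha1/sha256/sha512 digests, compares them case-insensitively against the indicators listed above, and parses the DOS and PE headers to produce the same "PE32 executable (GUI) Intel 80386, for MS Windows" summary that `file` prints. The IOC values are copied from the File Info block; `build_sample_pe` constructs a minimal PE header purely to exercise the parser offline and is not the real sample; the ssdeep fuzzy hash is left out because it needs a third-party library (for example ppdeep).

```python
import hashlib
import struct
import zlib

# Indicators copied from the File Info block above.
DELFSNIF_IOCS = {
    "crc32": "783C59FD",
    "md5": "7bade709593ad1bba67497075e5964ed",
    "sha1": "94065461cd959c12b46919b0fc45635818d55f60",
    "sha256": "92b34dd054041d4e7805f577d636556521e175a0d32464d068a96794b9977728",
    "sha512": "bad9d6528a3f26e1b2fbf59c90b4b82de6a8d3299566b2f5845c34d64d4ce6b5fb4606c3f75ea53016b9c20450068f151c9885e22554174e379fe0abef9848fc",
}

# IMAGE_FILE_HEADER.Machine, IMAGE_OPTIONAL_HEADER.Magic and .Subsystem values
MACHINES = {0x014C: "Intel 80386", 0x8664: "x86-64", 0x01C0: "ARM", 0xAA64: "Aarch64"}
MAGICS = {0x10B: "PE32", 0x20B: "PE32+"}
SUBSYSTEMS = {1: "native", 2: "GUI", 3: "console"}
IMAGE_FILE_DLL = 0x2000


def file_hashes(data: bytes) -> dict:
    """Return the digests the File Info block lists (crc32 upper-case, like the page)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_iocs(data: bytes, iocs: dict) -> dict:
    """Map each indicator name to True/False depending on whether the file matches it."""
    computed = file_hashes(data)
    return {name: computed[name].lower() == value.lower()
            for name, value in iocs.items() if name in computed}


def describe_pe(data: bytes) -> str:
    """Summarise the PE header the way `file` does; raises ValueError if not a PE."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)      # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _, _, _, _, opt_size, characteristics = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                                      # start of the optional header
    if opt_size < 70:
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", data, opt)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)  # same offset for PE32 and PE32+
    parts = [MAGICS.get(magic, f"unknown magic 0x{magic:x}"), "executable"]
    if characteristics & IMAGE_FILE_DLL:
        parts.append("(DLL)")
    parts.append(f"({SUBSYSTEMS.get(subsystem, f'subsystem {subsystem}')})")
    parts.append(MACHINES.get(machine, f"machine 0x{machine:x}"))
    return " ".join(parts) + ", for MS Windows"


def build_sample_pe(machine=0x014C, magic=0x10B, subsystem=2, characteristics=0x0102) -> bytes:
    """Constructed minimal PE header (NOT the real sample) for exercising describe_pe offline."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    dos[0x3C:0x40] = struct.pack("<I", 64)                   # e_lfanew -> PE signature at 64
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 96, characteristics)
    opt = bytearray(96)                                      # optional header without data directories
    opt[0:2] = struct.pack("<H", magic)
    opt[68:70] = struct.pack("<H", subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def triage(path: str) -> dict:
    """Produce the same three facts as the page's File Info block for a file on disk."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"type": describe_pe(data),
            "hashes": file_hashes(data),
            "matches": match_iocs(data, DELFSNIF_IOCS)}


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(describe_pe(data))
    for name, hit in match_iocs(data, DELFSNIF_IOCS).items():
        print(f"{name}: {'MATCH' if hit else 'no match'}")
```

Run it as `python triage.py suspect.exe`; without an argument it parses the constructed header, which (as expected) matches none of the indicators. A sha256 match is a positive identification of this exact sample; a mismatch only says this file is not byte-identical, since droppers in this family are commonly repacked, which is what the ssdeep value and the many generic engine names are for.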

TrojanDropper:Win32/Delfsnif.A is also known under the following names. Most engines place the sample in the Hupigon family (also written Huigezi, “Gray Pigeon”, hence DrWeb's “Pigeon” and Sophos's “Pidgeon” names), a long-running Chinese-language backdoor, which fits the Chinese (Simplified) resources noted above; the Microsoft name reflects the dropper behaviour. A few names (Fortinet's CoinMiner, Symantec's Fubalca, Cyren's Downloader) are generic or disagree, so treat the family label as approximate and use the hashes above for exact matching:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 7000000f1 )
Lionic: Trojan.Win32.Hupigon.m!c
Elastic: malicious (high confidence)
DrWeb: BackDoor.Pigeon.9668
Cynet: Malicious (score: 100)
ALYac: Dropped:Backdoor.Hupigon.AZFC
Cylance: Unsafe
Zillya: Backdoor.Hupigon.Win32.146876
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Backdoor:Win32/Hupigon.60c79fee
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.9593ad
Cyren: W32/Downloader.C.gen!Eldorado
Symantec: W32.Fubalca.E
ESET-NOD32: a variant of Win32/AutoRun.Hupigon.L
APEX: Malicious
Avast: Win32:Hupigon-FB [Trj]
ClamAV: Win.Trojan.Hupigon-8608
Kaspersky: Backdoor.Win32.Hupigon.utbf
BitDefender: Dropped:Backdoor.Hupigon.AZFC
NANO-Antivirus: Trojan.Win32.Hupigon.cwppfz
ViRobot: Backdoor.Win32.A.Hupigon.737280.Z
MicroWorld-eScan: Dropped:Backdoor.Hupigon.AZFC
Tencent: Win32.Trojan.Inject.Auto
Ad-Aware: Dropped:Backdoor.Hupigon.AZFC
Sophos: W32/Pidgeon-A
Comodo: Backdoor.Win32.Hupigon.~BACE@fmlq
BitDefenderTheta: AI:Packer.70D8F0541D
TrendMicro: TROJ_GEN.R002C0CK421
McAfee-GW-Edition: BehavesLike.Win32.Dropper.bc
FireEye: Generic.mg.7bade709593ad1bb
Emsisoft: Dropped:Backdoor.Hupigon.AZFC (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor/Huigezi.Gen
Webroot: W32.Delf.Gen
Avira: BDS/Hupigon.Gen
eGambit: Unsafe.AI_Score_100%
Antiy-AVL: Trojan/Generic.ASMalwS.942081
Kingsoft: Win32.Hack.Huigezi.un.(kcloud)
Microsoft: TrojanDropper:Win32/Delfsnif.A
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptor
ZoneAlarm: Backdoor.Win32.Hupigon.utbf
GData: Dropped:Backdoor.Hupigon.AZFC
AhnLab-V3: Backdoor/Win32.Hupigon.R2222
Acronis: suspicious
McAfee: Flyagent.d
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Mepaow
Malwarebytes: Malware.AI.3870024395
Panda: Bck/Hupigon.LNX
TrendMicro-HouseCall: TROJ_GEN.R002C0CK421
Rising: Backdoor.Win32.ShangXing.kd (CLASSIC)
Yandex: Backdoor.Hupigon!2uzuRGSxVS0
Ikarus: Backdoor.Win32.Hupigon
MaxSecure: Trojan.Malware.9715308.susgen
Fortinet: W32/CoinMiner.BELF!tr
AVG: Win32:Hupigon-FB [Trj]
Paloalto: generic.ml

How to remove TrojanDropper:Win32/Delfsnif.A?

TrojanDropper:Win32/Delfsnif.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Click “Move to quarantine” for all detected items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer and run a second scan to confirm that the autorun entry, the service and the copied binary listed above are gone.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
