Trojan:Win32/Delephant removal instruction

The Trojan:Win32/Delephant is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Delephant virus can do?

Unconventionial language used in binary resources: Chinese (Simplified)
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Trojan:Win32/Delephant?


File Info:
name: F16F5D481DF3B384DF65.mlw
path: /opt/CAPEv2/storage/binaries/196e0fec987581b86a16a7fd78f566f60eed2e7c55a51287ce7f293abd1e1631
crc32: 68171558
md5: f16f5d481df3b384df65635223e5a3ea
sha1: 5a500282de7b1fff4f92c4d9aea9cecf951687b5
sha256: 196e0fec987581b86a16a7fd78f566f60eed2e7c55a51287ce7f293abd1e1631
sha512: 95a951fd2f6614be6d1475d6aac3d09325f57deb8d94443f0924274a2f1540ee7c63f6df9ad1f51bcc01d286fb084fcdfecaa339d12a26d85bfedb23e93fd2ef
ssdeep: 12288:nuMkyKVZ8R89OajagEfZhGFtdYZxm7pFJgfZqCuSduRS86g:Tk3ZGwyfWFsLQJoz8b
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E4F46D62B2A19833C5735A38CC1B57A4AC3AFD503D2899463BF53E4C9F797817829393
sha3_384: b310b9f5f8eeb467f87a348f94fe9daaf3499ddba1f42bd8c0a281e41a12d584908eaefed64d4db04a3bc8ddbb250fa8
ep_bytes: 558bec83c4f0b8c8b14900e814b5f6ff
timestamp: 1992-06-19 22:22:17

Version Info:
CompanyName: 
FileDescription: 
FileVersion: 1.0.0.1
InternalName: 
LegalCopyright: 
LegalTrademarks: 
OriginalFilename: 
ProductName: 
ProductVersion: 1.0.0.0
Comments: 
Translation: 0x0809 0x04e4

Trojan:Win32/Delephant also known as:

Lionic	Riskware.Win32.SMTPScan.1!c
Elastic	malicious (moderate confidence)
DrWeb	BackDoor.Ghost.306
Zillya	Trojan.GenericKD.Win32.121595
Sangfor	Hacktool.Win32.SMTPScan.gen
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	NetTool:Win32/SMTPScan.5f1bfa38
K7GW	Riskware ( 0040eff71 )
BitDefenderTheta	Gen:NN.ZelphiF.36722.UG0@aWasQKeb
VirIT	Backdoor.Win32.Ghost.LU
Symantec	Trojan.Gen.2
APEX	Malicious
Cynet	Malicious (score: 99)
Kaspersky	not-a-virus:HEUR:NetTool.Win32.SMTPScan.gen
NANO-Antivirus	Trojan.Win32.Ghost.fcmhxw
SUPERAntiSpyware	PUP.SMTPScan/Variant
Tencent	Malware.Win32.Gencirc.11a602e9
F-Secure	Trojan.TR/Delephant.moakv
Sophos	Port Scanner (PUA)
Ikarus	Backdoor.Ghost
Jiangmin	Trojan.Generic.caxxk
Avira	TR/Delephant.moakv
Kingsoft	malware.kb.a.862
Xcitium	Malware@#2arc670e919j9
ZoneAlarm	not-a-virus:HEUR:NetTool.Win32.SMTPScan.gen
Microsoft	Trojan:Win32/Delephant
Google	Detected
VBA32	TScope.Trojan.Delf
Malwarebytes	Malware.AI.1755407564
Panda	Trj/CI.A
Rising	Trojan.Delephant!8.F84D (CLOUD)
Yandex	BackDoor.Ghost!8i7gQwu/4tk
MaxSecure	Trojan.Malware.7164915.susgen
DeepInstinct	MALICIOUS

How to remove Trojan:Win32/Delephant?

Trojan:Win32/Delephant removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X