Trojan:Win32/Delf.EM information

Trojan:Win32/Delf.EM is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What Trojan:Win32/Delf.EM virus can do?

  • A file with an unusual extension was attempted to be loaded as a DLL.
  • Anomalous file deletion behavior detected (10+)
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Likely virus infection of existing system binary
  • Harvests cookies for information gathering

How to identify Trojan:Win32/Delf.EM?

File Info:

name: BF427A37ED07B2E63703.mlw
path: /opt/CAPEv2/storage/binaries/b8e300dbf2cfe0d5a21e76b54556afc8014ce82405dec41f90aa7b0926885537
crc32: FD60B480
md5: bf427a37ed07b2e63703094439e493bc
sha1: 2b9cdd8a2aef012a58076808220f919b826b83a2
sha256: b8e300dbf2cfe0d5a21e76b54556afc8014ce82405dec41f90aa7b0926885537
sha512: 958b0a93cda4f5741e4c8408b9b1fecddfb1fabd0193666fa89dbe10a4ec01f8e52974e3fb453ebc7eaa84f8ad8d23ae13fe56af52f556f4b7dfdf04189285e1
ssdeep: 12288:4q6IMKOmkW+Dfhg0cvd5JIDvTJw1OvvUC:47mOmkDJnidcDvTK1UMC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14EB48D457FE5C436C11259F24BCD5BD05CEEAE676C20048F2EC01A2EE9B4DB5C369B2A
sha3_384: f95467808b31be0d3e06ef90083f5ca47ff7aa5b3e787c9069968b26087905ce996a7be73554bb85c33298c8dccae57b
ep_bytes: 558becb98a0000006a006a004975f953
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName: Igor Pavlov
FileDescription: 7-Zip Console
FileVersion: 18.06
InternalName: 7z
LegalCopyright: Copyright (c) 1999-2018 Igor Pavlov
OriginalFilename: 7z.exe
ProductName: 7-Zip
ProductVersion: 18.06
Translation: 0x0409 0x04b0

Trojan:Win32/Delf.EM also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Respat.Gen.1
CAT-QuickHeal: W32.Allesgreh.A8
ALYac: Win32.Respat.Gen.1
Cylance: Unsafe
VIPRE: Win32.Respat.Gen.1
Sangfor: [ARMADILLO V1.71]
K7AntiVirus: Trojan ( 000746f31 )
K7GW: Trojan ( 000746f31 )
CrowdStrike: win/malicious_confidence_70% (D)
Baidu: Win32.Trojan.Delf.ab
Cyren: W32/Allesgreh.A.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Delf.NBB
APEX: Malicious
ClamAV: Win.Worm.Agent-441978
Kaspersky: Virus.Win32.Allesgreh.a
BitDefender: Win32.Respat.Gen.1
NANO-Antivirus: Virus.Win32.Allesgreh.byfwdx
Avast: Win32:Agent-HUT [Wrm]
Rising: Trojan.Generic@AI.87 (RDML:XI5R5ZbOTtWl6k8WyfxiPA)
Ad-Aware: Win32.Respat.Gen.1
Emsisoft: Win32.Respat.Gen.1 (B)
Comodo: TrojWare.Win32.TrojanDownloader.Delf.gen@1xqow5
DrWeb: Win32.HLLP.Arelgen.2
Zillya: Worm.AutoRun.Win32.11171
TrendMicro: PE_FLED.A
McAfee-GW-Edition: W32/Autorun.worm.aaj
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.bf427a37ed07b2e6
Sophos: ML/PE-A + Mal/Basine-C
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.BSE.LW18Q9
Jiangmin: Worm/AutoRun.gil
Avira: TR/Dldr.Delphi.Gen
MAX: malware (ai score=84)
Antiy-AVL: Trojan/Generic.ASBOL.8AC7
Arcabit: Win32.Respat.Gen.1
ViRobot: Worm.Win32.Autorun.127488.D
Microsoft: Trojan:Win32/Delf.EM
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.AutoRun.R10770
McAfee: W32/Autorun.worm.aaj
VBA32: BScope.Trojan.Downloader
Malwarebytes: Malware.AI.2439536902
TrendMicro-HouseCall: PE_FLED.A
Yandex: Trojan.GenAsa!0cTuUlqXiJU
Ikarus: Trojan-Downloader.Win32.Delf
MaxSecure: Virus.W32.Allesgreh.A
Fortinet: W32/Allesgreh.A
BitDefenderTheta: AI:FileInfector.E3EBED0D12
AVG: Win32:Agent-HUT [Wrm]
Cybereason: malicious.7ed07b
Panda: Generic Malware

How to remove Trojan:Win32/Delf.EM?

Trojan:Win32/Delf.EM removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.