Malware

Win32/Delf.ACZ removal instructions

Malware Removal

Win32/Delf.ACZ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Delf.ACZ virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with ASPack
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Win32/Delf.ACZ?

File Info:

name: 87F14B671A8A09DCCE3C.mlw
path: /opt/CAPEv2/storage/binaries/a588457bb92a07864d7d675da9116f5f0b050ff185b7a4a4bbd89d8eec0ce739
crc32: C0FA1868
md5: 87f14b671a8a09dcce3cf3a05e8dd60b
sha1: c92d742d254c7f890047ec8f1bf57c4820607186
sha256: a588457bb92a07864d7d675da9116f5f0b050ff185b7a4a4bbd89d8eec0ce739
sha512: 6dd147e6a67089db5b0fee46e4908ffea1d053ffa6cce11d04d785d4909cebed2850664fb7877e0c7b7678fa8adbf7c40d55c49a710ee652358c8b4c2b11b355
ssdeep: 1536:B38BasHJPi085DoZ4xbWd6BvwGsd2Qsq2wwvfFD1+DiqFfMdA3zh3TWTRPM7PB9:BoasHNi08qZ4c/LEQsvwwv/+Diw0Kh3F
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11F930203C9F49460CCF2ED3FE6E0DA15621CBA2029B3971721F94476AFA5A8BFD14C65
sha3_384: 965b42d6019729f0ae6488e98c5218e0fc83cd82739948d642e6dcf50ba9f699d97a13b3c5f5401bcf8608578004f4b6
ep_bytes: 60e803000000e9eb045d4555c3e80100
timestamp: 1992-06-19 22:22:17

Version Info:

FileDescription: Хост-процесс для служб Windows
FileVersion: 1.0.0.1
InternalName:
LegalCopyright: Copyright (C) 2013
OriginalFilename: Server
ProductName:
ProductVersion: 1.0.0.1
E-mail:
Translation: 0x0419 0x04b0

Win32/Delf.ACZ also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Agent.4!c
DrWeb: Trojan.DownLoader9.24992
MicroWorld-eScan: Gen:Variant.Zusy.78519
FireEye: Gen:Variant.Zusy.78519
McAfee: Artemis!87F14B671A8A
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.2162490
Sangfor: Trojan.Win32.Agent.adrjd
K7AntiVirus: Trojan ( 7000000f1 )
Alibaba: Trojan:Win32/AutoRun.cb731ea2
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.71a8a0
BitDefenderTheta: Gen:NN.ZelphiF.34084.fO0baCVPGEcc
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Delf.ACZ
TrendMicro-HouseCall: TROJ_SPNR.07AF14
Kaspersky: Trojan.Win32.Agent.adrjd
BitDefender: Gen:Variant.Zusy.78519
NANO-Antivirus: Trojan.Win32.Agent.ctqqmk
Avast: Win32:Rootkit-gen [Rtk]
Tencent: Win32.Trojan.Agent.Edxp
Ad-Aware: Gen:Variant.Zusy.78519
Emsisoft: Gen:Variant.Zusy.78519 (B)
Comodo: Malware@#2touszglps1ne
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_SPNR.07AF14
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.mc
Sophos: Mal/Emogen-Y
Ikarus: Worm.Win32.AutoRun
GData: Gen:Variant.Zusy.78519
Jiangmin: Trojan/Agent.hray
Webroot: W32.Trojan.Malex.E
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Generic.ASMalwS.6E5C0D
Kingsoft: Win32.Troj.Agent.(kcloud)
ViRobot: Trojan.Win32.Z.Agent.90624.AAL
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
VBA32: BScope.Trojan.Wacatac
ALYac: Gen:Variant.Zusy.78519
APEX: Malicious
Yandex: Trojan.Delf!14WZQF/Od6I
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Agent.ADRJD!tr
AVG: Win32:Rootkit-gen [Rtk]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Delf.ACZ?

Win32/Delf.ACZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.