Should I remove “Win32/Delf.NVC”?

Win32/Delf.NVC is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Delf.NVC virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • CAPE detected the DarkComet malware family
  • Interacts with known DarkComet registry keys
  • Deletes executed files from disk
  • The sample wrote data to the system hosts file
  • Uses suspicious command line tools or Windows utilities

How to identify Win32/Delf.NVC?

File Info:

name: 37F603475B97F520EB9C.mlw
path: /opt/CAPEv2/storage/binaries/a1607ee2ee4650be6becbcfd7197662f45935606b6a4b9de27db0d8165678cdc
crc32: 36E261FB
md5: 37f603475b97f520eb9ce4d24d9a3539
sha1: 85d6bea55773ac31e935641bbcdd7cc557ba2a6d
sha256: a1607ee2ee4650be6becbcfd7197662f45935606b6a4b9de27db0d8165678cdc
sha512: e1d2fd89ae780d5296500953439d6069939cec49f1236655b3f9f561c150f20af23f80b219c936d121213d475fd510c1405af9e61ebde67b1de726f81b3130fa
ssdeep: 12288:cna9rONZ9DBjhdher2DKhKzTTvBGD37SOWrXUy3Prmunj2/1dyBdude0MIIvxIcI:cnaVOf9DBj1eSO4zvBGD3OxXZDmumQXS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T132F41203F3A4E872E0619AF45D56D3B56B33BEDA59724905B1DDAD6F7BA3312080A303
sha3_384: 07c56831f98379031b876486781ec47075a043dd9b9d390fe30c0c03bea5893e7f79867f0fb749b43e329a7b6a5fd384
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: SENDER max Company
FileDescription: SENDER max Setup
FileVersion:
LegalCopyright:
ProductName: SENDER max
ProductVersion: 4.0.2.1.05
Translation: 0x0000 0x04b0

Win32/Delf.NVC also known as:

Lionic: Trojan.Win32.Agent.m!c
MicroWorld-eScan: Gen:Trojan.UserStartup.QKW@aezFzkgO
FireEye: Gen:Trojan.UserStartup.QKW@aezFzkgO
CAT-QuickHeal: Backdoor.Fynloski.A9
McAfee: Artemis!37F603475B97
Cylance: Unsafe
VIPRE: Gen:Trojan.UserStartup.QKW@aezFzkgO
Alibaba: Backdoor:Win32/DarkKomet.1b16995f
Cybereason: malicious.75b97f
Baidu: Win32.Backdoor.Agent.l
Cyren: W32/Downloader.C.gen!Eldorado
Symantec: Trojan.ADH.2
ESET-NOD32: Win32/Delf.NVC
APEX: Malicious
Kaspersky: Backdoor.Win32.DarkKomet.gvyh
BitDefender: Gen:Trojan.UserStartup.QKW@aezFzkgO
NANO-Antivirus: Trojan.Win32.Fynloski.dfbjp
SUPERAntiSpyware: Trojan.Agent/Gen-Scream[Ex]
Avast: Win32:Flooder-GR [Trj]
Tencent: Win32.Backdoor.Darkkomet.Dflw
TACHYON: Trojan/W32.DP-Agent.696320.F
Emsisoft: Gen:Trojan.UserStartup.QKW@aezFzkgO (B)
Comodo: Malware@#2qpvkg0xri9j1
DrWeb: Trojan.PWS.Spy.11887
Zillya: Backdoor.Agent.Win32.32798
TrendMicro: BKDR_FYNLOS.SMIA
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-L
GData: Gen:Trojan.UserStartup.QKW@aezFzkgO
Webroot: W32.Malware.Gen
Avira: TR/Spy.Gen2
Antiy-AVL: Trojan/Generic.ASBOL.2312
Arcabit: Trojan.UserStartup.ED570E
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
BitDefenderTheta: AI:Packer.3180B0E921
ALYac: Gen:Trojan.UserStartup.QKW@aezFzkgO
MAX: malware (ai score=100)
VBA32: Backdoor.DarkKomet.gen
TrendMicro-HouseCall: BKDR_FYNLOS.SMIA
Rising: Backdoor.DarkComet!1.CB87 (CLASSIC)
Yandex: Trojan.Comet.Gen.LO
Ikarus: Trojan.Win32.Jorik
Fortinet: W32/COMDAR.SMI!tr
AVG: Win32:Flooder-GR [Trj]
Panda: Trj/CI.A

How to remove Win32/Delf.NVC?

Win32/Delf.NVC removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.