Win32/Spy.Delf.QWW removal

Win32/Spy.Delf.QWW is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Spy.Delf.QWW virus do?

  • Unconventional language used in binary resources: Portuguese (Brazilian)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the AllaKore malware family
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32/Spy.Delf.QWW?

File Info:

name: 4F9CA00C9B02E0C8F044.mlw
path: /opt/CAPEv2/storage/binaries/db24325b3bfc666a6f52f70199833da33f33d6c1ae9ba76f30e642361018285f
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2020-10-03 05:06:06

Version Info:

CompanyName: MicroSoft Corporation
FileDescription: Win-Host Application
FileVersion: 1.0.0.168
InternalName: Win-Host Application
LegalCopyright: MicroSoft Corporation Copyrights
OriginalFilename: WinHost
ProductName: WinHost Application
ProductVersion: 1.0.0.0
Translation: 0x0409 0x04e4

Win32/Spy.Delf.QWW also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Nssgio.4!c
MicroWorld-eScan: Gen:Trojan.Heur.@V0@r8nSSGiO
McAfee: PWS-FDBB!4F9CA00C9B02
Cylance: unsafe
Zillya: Trojan.Delf.Win32.131022
Sangfor: Trojan.Win32.Heur.@V0@r8nSSGiO
K7AntiVirus: Spyware ( 0055e4581 )
Alibaba: TrojanSpy:Win32/Generic.72f12413
K7GW: Spyware ( 0055e4581 )
Cybereason: malicious.c9b02e
Cyren: W32/Delf.JRVP-7551
Symantec: Trojan.Gen.MBT
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Spy.Delf.QWW
ClamAV: Win.Trojan.Zusy-9870698-0
Kaspersky: HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender: Gen:Trojan.Heur.@V0@r8nSSGiO
Avast: Win32:MalwareX-gen [Trj]
Rising: Trojan.Generic@AI.98 (RDML:S/MP2FjRthkIfhiSvZx22g)
Emsisoft: Gen:Trojan.Heur.@V0@r8nSSGiO (B)
F-Secure: Heuristic.HEUR/AGEN.1326478
DrWeb: Trojan.Siggen14.29081
VIPRE: Gen:Trojan.Heur.@V0@r8nSSGiO
McAfee-GW-Edition: BehavesLike.Win32.Dropper.th
FireEye: Gen:Trojan.Heur.@V0@r8nSSGiO
Sophos: Mal/Generic-R
Ikarus: Trojan-Spy.Agent
Jiangmin: TrojanSpy.Stealer.eoi
Webroot: W32.Trojan.Gen
Google: Detected
Avira: HEUR/AGEN.1326478
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Win32.Sidecopy
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Trojan.Heur.E32C82
ZoneAlarm: HEUR:Trojan-Spy.Win32.Stealer.gen
GData: Gen:Trojan.Heur.@V0@r8nSSGiO
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Reputation.R429984
BitDefenderTheta: AI:Packer.3B852B5B1C
ALYac: Gen:Trojan.Heur.@V0@r8nSSGiO
VBA32: TScope.Trojan.Delf
Malwarebytes: Generic.Malware/Suspicious
Panda: Trj/GdSda.A
Tencent: Win32.Trojan-Spy.Stealer.Gmnw
Yandex: TrojanSpy.Delf!S0Q8n2ayjdA
MaxSecure: Trojan.Malware.109043039.susgen
Fortinet: W32/Delf.QWW!tr.spy
AVG: Win32:MalwareX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Spy.Delf.QWW?

Win32/Spy.Delf.QWW removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
