Should I remove “Win32/Spy.Delf.RAQ”?

The Win32/Spy.Delf.RAQ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Spy.Delf.RAQ virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Win32/Spy.Delf.RAQ?


File Info:
name: EBA2C8358D62C3D63BC1.mlw
path: /opt/CAPEv2/storage/binaries/23a4440bd30f5d8bb25ac01f5cff1f18c03867cf466f1832bb0b466a9db6d625
crc32: 3A244D39
md5: eba2c8358d62c3d63bc1e47e09faa2b5
sha1: 9fae1b3e354f5b251d017184bd5da4a35c1c0f01
sha256: 23a4440bd30f5d8bb25ac01f5cff1f18c03867cf466f1832bb0b466a9db6d625
sha512: 2fd59240f3812a824105b604b39c930dea80609c9678997d256f8aea61f1c6ec3ea251057a3102704f5e5ae16ee2f0d2e4d3e6e8f942c8f9d49ea2d1486cefd2
ssdeep: 3072:lzRMrBItGE4K5rEcRZzFPk2I111KYTI1Uk1I:lzRsBXE4K5hHMzTy1I
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17D048B49B3FDED4DC83A1C30B88088D2C7D9E4E1DEC22C45A6D4661EAEEA147F51265F
sha3_384: 403924b7aea0970c5ee5c23156b7cced93b9aa65216bf7c522f9b7293bd99b54963548c9626eb5070ce63702f89b9e73
ep_bytes: 8bec609ce99a380000006a004975f953
timestamp: 1992-06-19 22:22:17

Version Info:
CompanyName: MSbuild Inc
FileDescription: MSbuild Component Registrant
FileVersion: 2.1.4.0
LegalCopyright: Copyright © 2004 MSbuild Inc. All Rights Reserved
ProductName: MSbuild
ProductVersion: 2.1.4.0
Translation: 0x0409 0x04e4

Win32/Spy.Delf.RAQ also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Generic.4!c
MicroWorld-eScan	Trojan.GenericKD.63810156
McAfee	GenericRXUR-MM!EBA2C8358D62
Cylance	Unsafe
VIPRE	Trojan.GenericKD.63810156
Sangfor	Trojan.Win32.Agent.Vjfs
K7AntiVirus	Trojan ( 7000000f1 )
Alibaba	TrojanSpy:Win32/Basine.65befb52
K7GW	Trojan ( 7000000f1 )
Cybereason	malicious.e354f5
Cyren	W32/LdPinch.N.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Spy.Delf.RAQ
APEX	Malicious
Cynet	Malicious (score: 100)
BitDefender	Trojan.GenericKD.63810156
NANO-Antivirus	Virus.Win32.Gen.ccmw
Avast	Win32:BackdoorX-gen [Trj]
Ad-Aware	Trojan.GenericKD.63810156
TACHYON	Trojan/W32.Agent.174592.TB
Emsisoft	Trojan.GenericKD.63810156 (B)
Comodo	TrojWare.Win32.PkdMorphine.~AN@1l4q0o
DrWeb	Trojan.PWS.Webmonier.924
McAfee-GW-Edition	Artemis!Trojan
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.eba2c8358d62c3d6
Sophos	Mal/Basine-C
SentinelOne	Static AI – Suspicious PE
GData	Win32.Trojan.PSE.1HFWLIB
Antiy-AVL	Trojan/Win32.SGeneric
Arcabit	Trojan.Generic.D3CDAA6C
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Trojan/Win.Generic.R535751
ALYac	Trojan.GenericKD.63810156
MAX	malware (ai score=81)
VBA32	Heur.Trojan.Hlux
Malwarebytes	Malware.Heuristic.1001
TrendMicro-HouseCall	TROJ_GEN.R002H0CKP22
Rising	Backdoor.Hupigon!8.B57 (TFE:3:9ZR3ES2hAvB)
Ikarus	Trojan-GameThief.Win32.Magania
MaxSecure	Trojan.Malware.193645978.susgen
Fortinet	W32/PossibleThreat
AVG	Win32:BackdoorX-gen [Trj]
CrowdStrike	win/malicious_confidence_70% (W)

How to remove Win32/Spy.Delf.RAQ?

Win32/Spy.Delf.RAQ removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X