Trojan

What is “Win32/TrojanDownloader.Delf.DKZ”?


Win32/TrojanDownloader.Delf.DKZ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/TrojanDownloader.Delf.DKZ virus do?

  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to identify Win32/TrojanDownloader.Delf.DKZ?

File Info:

name: 325D1A6D12ABE05A624D.mlw
path: /opt/CAPEv2/storage/binaries/b5fcee57770746f7a64183ba5c8c500e96a264de399a161ce5cb240191140d36
crc32: C08B0727
md5: 325d1a6d12abe05a624dc79be7fac139
sha1: 81b29b44435280aee57f07dbf7d463d8e99f8823
sha256: b5fcee57770746f7a64183ba5c8c500e96a264de399a161ce5cb240191140d36
sha512: 30c2ba6592b923523370f6266ba4dd955fd6219174aabeb60597968154d33c8b7cee3b18ff3d3e979209d608b606d3f2bfc4199ad6e6bc32ab236e648978a74a
ssdeep: 12288:fUrmxBD2Hw/5pltFMRu9+D/0lHOwIo5TU8xNG/9r4FKI4/8u1:fUzQ7ltx9ycY65TU8bswJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13C0506A2F1E3D576D022167C5C067D7653B67F20DC3AE8016ADDE8C4AAF4EE12B16342
sha3_384: 8965b3c405f84ceba94d7eebacf835e5efb83c555e74cd3ce8229fc856e23011b012cc62286e709b5790e4b96c9bf568
ep_bytes: 558bec83c4f0b89c7d4600e8e4ecf9ff
timestamp: 1992-06-19 22:22:17

Note: the 1992-06-19 22:22:17 timestamp is the fixed value the Borland Delphi linker writes into every PE it builds; it identifies the compiler (consistent with the "Delf" family name), not the actual build date.

Version Info:

CompanyName: Maksim V.
FileVersion: 1.0.0.3
FileDescription: АИСТ VPN Creator
InternalName: АИСТ VPN Creator
LegalCopyright: Copyright © 2009-2010 Maksim V.
LegalTrademarks: АИСТ VPN Creator
OriginalFilename: avpn.exe
ProductName: АИСТ VPN Creator
ProductVersion: 1.0.0.3
Translation: 0x0419 0x04e4

Win32/TrojanDownloader.Delf.DKZ is also known as (vendor: detection name):

  • McAfee: RDN/Generic.dx
  • Sangfor: Trojan.Win32.Hesv.gen
  • Cybereason: malicious.443528
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (moderate confidence)
  • ESET-NOD32: a variant of Win32/TrojanDownloader.Delf.DKZ
  • APEX: Malicious
  • Avast: Win32:Rattler-A [Cryp]
  • Kaspersky: HEUR:Trojan.Win32.Hesv.gen
  • McAfee-GW-Edition: BehavesLike.Win32.Dropper.ch
  • Sophos: Mal/Generic-S
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • ZoneAlarm: HEUR:Trojan.Win32.Hesv.gen
  • AhnLab-V3: Trojan/Win.Woreflint.C5119225
  • TrendMicro-HouseCall: TROJ_GEN.R002H07E922
  • Rising: Trojan.Hesv!8.EDB6 (CLOUD)
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/Injector.EQPQ!tr
  • BitDefenderTheta: Gen:NN.ZelphiF.34638.YG0@a8fjyNfk
  • AVG: Win32:Rattler-A [Cryp]
  • CrowdStrike: win/malicious_confidence_70% (W)

How to remove Win32/TrojanDownloader.Delf.DKZ?

Win32/TrojanDownloader.Delf.DKZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.