
What is “Win32/TrojanDownloader.Delf.QEW”?

The Win32/TrojanDownloader.Delf.QEW is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What Win32/TrojanDownloader.Delf.QEW virus can do?

  • Sample contains Overlay data
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with ASPack
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to determine Win32/TrojanDownloader.Delf.QEW?

File Info:

name: DB162E24EC14486EC1F2.mlw
path: /opt/CAPEv2/storage/binaries/209d7de2000639f18d0e6a5e19c6111b2f924c2af8f6516049cffbf563a0554f
crc32: D55D5872
md5: db162e24ec14486ec1f237921599d3b4
sha1: 067e80485b99e6f79969b5f7b94a92ca98ebe359
sha256: 209d7de2000639f18d0e6a5e19c6111b2f924c2af8f6516049cffbf563a0554f
sha512: 53d8ac3f9565db317e616cbe73a8e60c413158600a25113e506d51fbea1ef58ce0d0446f7ca97f3577d69fd1c10b94c1810b01f26e80352dd991ecb7b1ed09ed
ssdeep: 6144:CBKHYmz6mq2pmHmFV2YjnWuwqzeRhvaBAUBZ6IpuX:d4m5bpnL2KnEqCRhvaFBZ6/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13A54223B6EDB5C66D7990A3D11610C2C833E9E5CB004C32722317DAB5B30B9A99096FE
sha3_384: c11559915405370c3abd971a2d373f5b930a5a9ffedb116623fc62b940f0b49f29693cb8f0403186bfcbc9a923e81215
ep_bytes: 60e803000000e9eb045d4555c3e80100
timestamp: 2011-03-02 01:10:41

Version Info:

CompanyName:
FileDescription: 281600
FileVersion: 1.0.0.0
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFilename:
ProductName:
ProductVersion: 1.0.0.0
Comments:
Translation: 0x0804 0x03a8

Win32/TrojanDownloader.Delf.QEW also known as:

MicroWorld-eScan: Trojan.GenericKD.41941097
FireEye: Generic.mg.db162e24ec14486e
CAT-QuickHeal: TrojanDownloader.Delf.NK12
ALYac: Trojan.GenericKD.41941097
Cylance: Unsafe
VIPRE: Trojan.GenericKD.41941097
Sangfor: [ASPACK V2.12]
K7AntiVirus: Trojan ( f1000a011 )
K7GW: Trojan ( f1000a011 )
Cybereason: malicious.4ec144
Baidu: Win32.Trojan-Downloader.Agent.af
VirIT: Trojan.Win32.Cryptic.CBE
Cyren: W32/Delf.AI.gen!Eldorado
Symantec: Downloader
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDownloader.Delf.QEW
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packed.Delf-9786618-0
Kaspersky: Trojan-Downloader.Win32.Delf.aznp
BitDefender: Trojan.GenericKD.41941097
NANO-Antivirus: Trojan.Win32.Delf.crlibp
SUPERAntiSpyware: Trojan.Agent/Gen-Delf
Avast: Win32:Trojan-gen
Rising: Trojan.DL.Win32.Undef.tit (CLOUD)
Ad-Aware: Trojan.GenericKD.41941097
Sophos: ML/PE-A + Troj/Dloadr-DIY
Comodo: TrojWare.Win32.Downloader.Fraudload.AA@2vwxs7
DrWeb: Trojan.DownLoader4.5793
Zillya: Downloader.Delf.Win32.18241
TrendMicro: TROJ_DLOADR.SMAI
McAfee-GW-Edition: BehavesLike.Win32.GenDownloader.dc
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.GenericKD.41941097 (B)
Ikarus: Trojan-Dropper.Delf
GData: Trojan.GenericKD.41941097
Jiangmin: TrojanDownloader.Delf.aafj
Webroot: W32.Trojan.Downloader.Delf
Avira: TR/Dldr.Delphi.Gen
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Generic.ASCommon.31
ViRobot: Trojan.Win32.A.Downloader.281918[ASPack]
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Downloader/Win32.Delf.R3483
McAfee: Artemis!DB162E24EC14
VBA32: TrojanDownloader.Delf
Malwarebytes: Malware.AI.1637594284
TrendMicro-HouseCall: TROJ_DLOADR.SMAI
Tencent: Trojan.Win32.Downloader.tgx
Yandex: Trojan.GenAsa!dETtiKvSjKU
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Delf.AZNP
Fortinet: W32/Delf.QEW!tr.dldr
BitDefenderTheta: Gen:NN.ZelphiF.34786.rW1baKJpG7mj
AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Win32/TrojanDownloader.Delf.QEW?

Win32/TrojanDownloader.Delf.QEW removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
