Win32/TrojanDownloader.Delf_AGen.G removal guide

Win32/TrojanDownloader.Delf_AGen.G is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/TrojanDownloader.Delf_AGen.G virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Unconventional binary language: Portuguese (Brazil)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Win32/TrojanDownloader.Delf_AGen.G?

File Info:

name: FB7A3FF68C462FC8AE64.mlw
path: /opt/CAPEv2/storage/binaries/4726ba761f90fdb6e564d2e6a765239ebfc5ee1865b0c6417dfd86e7256863b7
crc32: AA01F4AA
md5: fb7a3ff68c462fc8ae64af6179c912c3
sha1: cf05015973d7b6df4bc7ef4563cfdcd01b2b9242
sha256: 4726ba761f90fdb6e564d2e6a765239ebfc5ee1865b0c6417dfd86e7256863b7
sha512: baa28245cc6479bf4c141aabbceb71d0f68c9ac8bc57736ad4ab65c49ae4fde1d8979932961bd83131562d36cf5aa90416a73e8f14044815f475b241b38a0c9f
ssdeep: 98304:jiOgWl2pW7pCMoa3JCKJ478LkSmtmqwNpDauKBN6jXKy:uqCSRtqmFKBNA3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13B569E53B384643AC0BB1A36483797A0693BB6722E259C6B37FD1E4C4F396407927367
sha3_384: 246ebe9f5d5948e59b7e5ea3194f8191115e3f2a51722741164126456a34ccef24b04e32f31e4b8577d8af652fbd5ae9
ep_bytes: 558bec83c4f0b8608f8a00e88c55b4ff
timestamp: 2022-01-31 06:10:36

Version Info:

CompanyName: Maarvin Goldfishing
FileDescription: Maarvin Goldfishing
FileVersion: 22.24.677.4
InternalName: Maarvin Goldfishing
LegalCopyright: Maarvin Goldfishing
LegalTrademarks: Maarvin Goldfishing
OriginalFilename: Maarvin Goldfishing
ProgramID: Maarvin Goldfishing
ProductName: Maarvin Goldfishing
ProductVersion: 22.24.677.4
Comments: Maarvin Goldfishing
Translation: 0x0416 0x04e4

Win32/TrojanDownloader.Delf_AGen.G also known as:

MicroWorld-eScan: Trojan.GenericKD.38837110
FireEye: Generic.mg.fb7a3ff68c462fc8
McAfee: Artemis!FB7A3FF68C46
Cylance: Unsafe
Zillya: Downloader.DelfAGen.Win32.22
Sangfor: Trojan.Win32.Sabsik.TE
BitDefenderTheta: Gen:NN.ZelphiCO.34182.@V0@aKqK@udO
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/TrojanDownloader.Delf_AGen.G
TrendMicro-HouseCall: TROJ_GEN.R002H0AB122
Paloalto: generic.ml
BitDefender: Trojan.GenericKD.38837110
Emsisoft: Trojan.GenericKD.38837110 (B)
McAfee-GW-Edition: BehavesLike.Win32.Virut.th
Sophos: Mal/Generic-S
eGambit: Unsafe.AI_Score_99%
Avira: HEUR/AGEN.1132002
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Sabsik.TE.B!ml
GData: Win32.Trojan.Agent.VDD48J
Cynet: Malicious (score: 99)
VBA32: BScope.Trojan.Tiggre
ALYac: Trojan.GenericKD.38837110
MAX: malware (ai score=81)
Malwarebytes: Malware.AI.3585471238
Rising: Downloader.Delf_AGen!8.1311B (CLOUD)
Ikarus: Trojan-Downloader.Win32.Delf
Fortinet: W32/GenKryptik.FPAH!tr

How to remove Win32/TrojanDownloader.Delf_AGen.G?

Win32/TrojanDownloader.Delf_AGen.G removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
