Should I remove “Win32/TrojanDownloader.Delf_AGen.H”?

The Win32/TrojanDownloader.Delf_AGen.H is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/TrojanDownloader.Delf_AGen.H virus can do?

Creates RWX memory
Dynamic (imported) function loading detected
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Win32/TrojanDownloader.Delf_AGen.H?


File Info:
name: 590A3BEFA181C94441F1.mlw
path: /opt/CAPEv2/storage/binaries/d0f3ea9ad8d2efbc8109bfd8c1ed5815557a691f6d1867e9590995d44c1c2e37
crc32: 5FEBEDCA
md5: 590a3befa181c94441f1bf88d4a255cb
sha1: e68f9d5ac7cbf91290f1fe4daf4eb088944da64f
sha256: d0f3ea9ad8d2efbc8109bfd8c1ed5815557a691f6d1867e9590995d44c1c2e37
sha512: 29e53e5b2353c9b0bbe05f19e68897269001a4db336f10e78d8b8dd631fe67b0d38a8778585a37d14d55be67823f71f15b7fe5257083072250b22d69502a9565
ssdeep: 98304:Mb1w0/0oXsFhxvRzRKqZm8U9aHs+rnV3V:IJ+xv1HU9aHs+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T141663AA2F9846466CCF61BB1572757D42C3F7E692DD588FE32AC3848AF3A240352D247
sha3_384: 0647a4194c00577ab79897b18ee3d6bef56b9e9b13d956f6966b9ae676f681aa33fe7b6ad3e34804bdb727506091c861
ep_bytes: 558bec83c4f0b870ed7e00e87c48c0ff
timestamp: 2022-02-01 09:57:46

Version Info:
FileDescription: Deluxe Reader Combination
FileVersion: 2.4.11.2
ProgramID: Deluxe Reader Combination
ProductName: Deluxe Reader Combination
ProductVersion: 2.4.11.2
Translation: 0x0409 0x04e4

Win32/TrojanDownloader.Delf_AGen.H also known as:

MicroWorld-eScan	Trojan.GenericKD.38843988
McAfee	Artemis!590A3BEFA181
Cylance	Unsafe
Sangfor	Trojan.Win32.Sabsik.FL
K7AntiVirus	Trojan-Downloader ( 0058d8731 )
K7GW	Trojan-Downloader ( 0058d8731 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/TrojanDownloader.Delf_AGen.H
TrendMicro-HouseCall	TROJ_GEN.R002H0AB122
Avast	Win32:DropperX-gen [Drp]
BitDefender	Trojan.GenericKD.38843988
Emsisoft	Trojan.GenericKD.38843988 (B)
F-Secure	Heuristic.HEUR/AGEN.1142293
McAfee-GW-Edition	BehavesLike.Win32.BadFile.vh
FireEye	Trojan.GenericKD.38843988
Sophos	Mal/Generic-S
APEX	Malicious
Avira	HEUR/AGEN.1142293
Microsoft	Trojan:Win32/Sabsik.TE.B!ml
GData	Win32.Trojan.Agent.UDU11A
Cynet	Malicious (score: 99)
ALYac	Trojan.GenericKD.38843988
MAX	malware (ai score=89)
Malwarebytes	Trojan.Downloader
Ikarus	Trojan-Downloader.Win32.Delf
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Delf_AGen.H!tr.dldr
AVG	Win32:DropperX-gen [Drp]

How to remove Win32/TrojanDownloader.Delf_AGen.H?

Win32/TrojanDownloader.Delf_AGen.H removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X