Win32/TrojanDropper.Delf.ABM removal instruction

Win32/TrojanDropper.Delf.ABM is ESET's name for this sample; the "Delf" family name marks Delphi-compiled droppers, and most of the engines listed below flag the file as malicious. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, scan the computer with GridinSoft Anti-Malware.

Removing malware manually may take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; it lets you run a full scan and clean the PC during the trial period.
A 6-day free trial is available.

What can Win32/TrojanDropper.Delf.ABM do? (behaviour signatures from the CAPE sandbox run)

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Uses Windows utilities to enumerate running processes
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Detects the presence of Windows Defender AV emulator via files
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32/TrojanDropper.Delf.ABM

File Info:

name: A8D9F54CEFDDB50752A9.mlw
path: /opt/CAPEv2/storage/binaries/e79dc59a87f78bc9b1248ac54226d74738b4c2f44bac2d1be9c876a5a15990e1
crc32: 9F912F71
md5: a8d9f54cefddb50752a96a935fd53166
sha1: aa9d664081974606a0f56374765c3ecfdd5a69d4
sha256: e79dc59a87f78bc9b1248ac54226d74738b4c2f44bac2d1be9c876a5a15990e1
sha512: fe4a117ed78155954fbeb5e1e8da283c95f077d1b0314901a45d799e4cb55cb185c3391816ad13379edfd07bc74bad9d31bee2716362c22323518d0a58e917ae
ssdeep: 24576:TS92C6aVn8XVxelCHfhtyBbsGy0bDHXVWddCz98Ajz0gEBGuhq2WP2Sn04j2Ooj5:TS9rt/WYD3IDCz2Mz0gEB0TP2Snlj2OC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16D45E033FAD04137C2A31279BD4B47A69939FD50371854466DEC5A4C2E263E8A33B3A7
sha3_384: 1bf0f2a43fa70ee0777c9a4e82453c1b46c0088e869d87e4189c0863767475cb383accdb46341281c08be14e4091b5e8
ep_bytes: 558bec83c4f0b8407f4500e8e4e0faff
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName: Kenny Grain Also Preferences Aviation Items Sxz
FileDescription: Lecture Tripadvisor
FileVersion: 1.589.3.1766
InternalName: Nebraska Repeated Comm Entrance Corporation Poverty
LegalCopyright: 1.589.3.1766
OriginalFilename: Kenny Grain Also Preferences Aviation Items Sxz
ProductName: Were
ProductVersion: 1.589.3.1766
Comments: Nebraska Repeated Comm Entrance Corporation Poverty
Translation: 0x0409 0x04e4
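The hashes above are what you would use to confirm that a suspect file is this exact sample, and several of the sandbox signatures listed earlier (overlay data, an unknown PE section name, reading its own binary image) can be checked statically without running anything. The script below is an added example, not code from the original page or from any vendor tool. It uses only the Python standard library, embeds the MD5/SHA-1/SHA-256 values and entry-point bytes from this report as indicators, and includes a small constructed PE in build_sample() so it runs offline; that constructed file is not the malware and is not executable. The script name triage.py is assumed. Note also that the timestamp 1992-06-19 22:22:17 is 0x2A425E19, the fixed TimeDateStamp that Delphi linkers write into every binary, so it identifies the compiler rather than the build date.

```python
# Added example (not from the original page): stdlib-only PE triage that
# reproduces the static indicators from the report above.
import hashlib
import json
import struct
import sys
from datetime import datetime, timezone

# Hashes published in the report; a match means the file is this sample.
IOC_HASHES = {
    "md5": "a8d9f54cefddb50752a96a935fd53166",
    "sha1": "aa9d664081974606a0f56374765c3ecfdd5a69d4",
    "sha256": "e79dc59a87f78bc9b1248ac54226d74738b4c2f44bac2d1be9c876a5a15990e1",
}
REPORTED_EP_BYTES = "558bec83c4f0b8407f4500e8e4e0faff"
# 0x2A425E19 = 1992-06-19 22:22:17 UTC, the constant TimeDateStamp Delphi writes.
DELPHI_TIMESTAMP = 0x2A425E19
# Section names a normal Delphi/MSVC build produces; anything else is worth a look.
COMMON_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc",
                   ".bss", ".tls", ".pdata", ".CRT", ".itext", ".didata", "CODE", "DATA", "BSS"}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the whole file, for comparison with the IOCs."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def analyze_pe(data: bytes) -> dict:
    """Parse just enough of a PE32 to report the indicators used in the write-up."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, SymTab ptr, NumSyms, SizeOfOptionalHeader, Characteristics
    _machine, nsec, tstamp, _symptr, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr})
    # Overlay = bytes after the last section's raw data; droppers often stash payloads there.
    end_of_image = max((s["rawptr"] + s["rawsize"] for s in sections), default=0)
    overlay_size = max(0, len(data) - end_of_image)
    # Map the entry-point RVA to a file offset through the section table.
    entry_bytes = ""
    for s in sections:
        if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            off = s["rawptr"] + (entry_rva - s["vaddr"])
            entry_bytes = data[off:off + 16].hex()
            break
    hashes = file_hashes(data)
    return {
        "hashes": hashes,
        "ioc_hash_match": sorted(k for k, v in IOC_HASHES.items() if hashes[k] == v),
        "timestamp": datetime.fromtimestamp(tstamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "delphi_timestamp": tstamp == DELPHI_TIMESTAMP,
        "sections": [s["name"] for s in sections],
        "unusual_sections": [s["name"] for s in sections if s["name"] not in COMMON_SECTIONS],
        "overlay_size": overlay_size,
        "entry_bytes": entry_bytes,
        "entry_bytes_match": entry_bytes == REPORTED_EP_BYTES,
    }


def build_sample() -> bytes:
    """Constructed test input (not the malware, not runnable): a minimal PE32 with the
    Delphi timestamp, the reported entry bytes, one odd section name and an overlay."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, DELPHI_TIMESTAMP, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                    # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                  # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)            # Section/File alignment

    def sec(name, vaddr, rawptr):  # IMAGE_SECTION_HEADER, 40 bytes
        return struct.pack("<8sIIIIIIHHI", name, 0x200, vaddr, 0x200, rawptr, 0, 0, 0, 0, 0x60000020)

    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec(b".text", 0x1000, 0x200) + sec(b"xjrzq", 0x2000, 0x400)
    text = bytes.fromhex(REPORTED_EP_BYTES).ljust(0x200, b"\0")
    packed = b"\xAA" * 0x200                                   # stands in for packed data
    return headers.ljust(0x200, b"\0") + text + packed + b"OVERLAY-DATA"   # 12-byte overlay


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(json.dumps(analyze_pe(blob), indent=2))
```

Run `python triage.py suspect.exe` on a real file: an `ioc_hash_match` containing all three algorithms is a positive identification of this sample, while a non-empty `overlay_size`, a name in `unusual_sections` or a matching `entry_bytes` on a file with a different hash suggests a repacked variant that deserves a closer look rather than a dismissal.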

Win32/TrojanDropper.Delf.ABM also known as:

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Agent.Y!c
  • Elastic: malicious (moderate confidence)
  • Cynet: Malicious (score: 100)
  • FireEye: Trojan.GenericKD.68724132
  • McAfee: Artemis!A8D9F54CEFDD
  • Cylance: unsafe
  • Zillya: Backdoor.Agent.Win32.92065
  • Sangfor: Trojan.Win32.Save.a
  • CrowdStrike: win/malicious_confidence_100% (W)
  • K7GW: Trojan ( 005aa07c1 )
  • K7AntiVirus: Trojan ( 005aa07c1 )
  • Arcabit: Trojan.Generic.D418A5A4
  • Cyren: W32/ABRisk.AZEE-0398
  • ESET-NOD32: a variant of Win32/TrojanDropper.Delf.ABM
  • APEX: Malicious
  • Kaspersky: HEUR:Backdoor.Win32.Agent.gen
  • BitDefender: Trojan.GenericKD.68724132
  • MicroWorld-eScan: Trojan.GenericKD.68724132
  • Avast: Win32:PWSX-gen [Trj]
  • Tencent: Malware.Win32.Gencirc.13ec640f
  • Emsisoft: Trojan.GenericKD.68724132 (B)
  • F-Secure: Trojan.TR/AD.Nekark.sqijj
  • VIPRE: Trojan.GenericKD.68724132
  • TrendMicro: TrojanSpy.Win32.RACCOONSTEALER.YXDHOZ
  • McAfee-GW-Edition: BehavesLike.Win32.ObfuscatedPoly.tc
  • Sophos: Mal/Generic-S
  • Jiangmin: Backdoor.Agent.mjy
  • Avira: TR/AD.Nekark.sqijj
  • Antiy-AVL: Trojan/Win32.Sabsik
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • ZoneAlarm: HEUR:Backdoor.Win32.Agent.gen
  • GData: Trojan.GenericKD.68724132
  • Google: Detected
  • VBA32: TScope.Trojan.Delf
  • ALYac: Trojan.GenericKD.68724132
  • MAX: malware (ai score=80)
  • Malwarebytes: Floxif.Virus.FileInfector.DDS
  • Panda: Trj/Chgt.AD
  • TrendMicro-HouseCall: TrojanSpy.Win32.RACCOONSTEALER.YXDHOZ
  • Rising: Trojan.Generic@AI.100 (RDML:wGR3N5WoxumZFUqIsJ4tFg)
  • Ikarus: Trojan-Dropper.Win32.Delf
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/Delf.ABM!tr
  • AVG: Win32:PWSX-gen [Trj]
  • DeepInstinct: MALICIOUS

How to remove Win32/TrojanDropper.Delf.ABM?

Win32/TrojanDropper.Delf.ABM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer.

Several engines in the list above classify this sample as a password stealer or backdoor (for example Avast's Win32:PWSX-gen and Trend Micro's TrojanSpy.Win32.RACCOONSTEALER), so treat credentials saved in browsers on the affected machine as exposed and change them from a clean device after the cleanup. Because the file is a dropper, whose purpose is to install further payloads, also check that the scan did not leave other dropped files behind.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
