Trojan

Win32/TrojanDropper.Delf.NQD information

Malware Removal

The Win32/TrojanDropper.Delf.NQD is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32/TrojanDropper.Delf.NQD virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Detects Sandboxie through the presence of a library
  • Sniffs keystrokes
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Harvests cookies for information gathering
  • Creates known SpyNet mutexes and/or registry changes.

How to determine Win32/TrojanDropper.Delf.NQD?



File Info:

name: C1F0CE8F63ACBC733231.mlw
path: /opt/CAPEv2/storage/binaries/69124e55023eb96869b3a3f412c3d7a87ceb492e152e48c261eb054b44f1a65b
crc32: FA1A4B67
md5: c1f0ce8f63acbc733231fe3674f7f5e6
sha1: a2f05669d9f89d80969f60a15b105737f86746c7
sha256: 69124e55023eb96869b3a3f412c3d7a87ceb492e152e48c261eb054b44f1a65b
sha512: b7fefef552ca88026a570fb9665833a0aa70db4581258c47ec5e0780c2e6794d43a6c0703f645c44e0873e44e8f9ddc802c1131ed9724bf21100a870fe9e23e3
ssdeep: 24576:DDWHSb4NDNsq7YhN+JFJvsV8zrYsYp7+bzCQL6NWEHi5a7H:e84Lsq7uKvs+wNp7xNTH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A4351201FD96507AC6722D713979AB21293D7B201F21CA9FB3E0055E9E353E0AB34B5B
sha3_384: e58bd82c90aec2cf07ce6ff89e2988b2b18b7a2c761ad77a9acccd44d8adbe700b66aaa3b2855049367fd1e1a556ee80
ep_bytes: e864040000e988feffff3b0d68e64300
timestamp: 2021-06-11 09:16:47


Version Info:

0: [No Data]

Win32/TrojanDropper.Delf.NQD also known as:

BkavW32.AIDetect.malware1
Elasticmalicious (high confidence)
CynetMalicious (score: 100)
CAT-QuickHealTrojanDropper.Malf.Gen
ZillyaTrojan.Agent.Win32.2205396
Cybereasonmalicious.f63acb
BaiduWin32.Trojan-Dropper.Delf.bf
CyrenW32/Injector.A.gen!Eldorado
ESET-NOD32Win32/TrojanDropper.Delf.NQD
APEXMalicious
AvastWin32:BackDoor-ACW [Trj]
KasperskyTrojan.Win32.Bublik.elnr
BitDefenderGen:Heur.Mint.Zard.35
NANO-AntivirusTrojan.Win32.Drop.cxdqig
MicroWorld-eScanGen:Heur.Mint.Zard.35
RisingMalware.Heuristic!ET#100% (RDMK:cmRtazorpN9OiCJ84WnXckH2iw0w)
EmsisoftGen:Heur.Mint.Zard.35 (B)
ComodoTrojWare.Win32.Trojan.Buzus.~AAJ@1g3vye
DrWebTrojan.PWS.Multi.76
TrendMicroTROJ_DELF.SMA
McAfee-GW-EditionBehavesLike.Win32.Generic.tc
FireEyeGeneric.mg.c1f0ce8f63acbc73
SophosGeneric ML PUA (PUA)
IkarusTrojan-Spy.Agent
GDataGen:Heur.Mint.Zard.35
AviraTR/Spy.Gen
Antiy-AVLTrojan/Generic.ASMalwS.3A91
ArcabitTrojan.Mint.Zard.35
MicrosoftTrojan:Win32/Sabsik.FL.B!ml
VBA32BScope.TrojanSpy.Agent
ALYacGen:Heur.Mint.Zard.35
MAXmalware (ai score=85)
MalwarebytesTrojan.Agent
TrendMicro-HouseCallTROJ_DELF.SMA
YandexBackdoor.Spynet.Gen
SentinelOneStatic AI – Malicious SFX
FortinetW32/Dropper.FT!tr
BitDefenderThetaAI:Packer.A3BE2B5C1E
AVGWin32:BackDoor-ACW [Trj]

How to remove Win32/TrojanDropper.Delf.NQD?

Win32/TrojanDropper.Delf.NQD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment