Categories: Trojan

Win32/TrojanDropper.Delf.NQD information

The Win32/TrojanDropper.Delf.NQD is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/TrojanDropper.Delf.NQD virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Attempts to connect to a dead IP:Port (1 unique times)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Dynamic (imported) function loading detected
Enumerates running processes
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Detects Sandboxie through the presence of a library
Sniffs keystrokes
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
Created a process from a suspicious location
Installs itself for autorun at Windows startup
Harvests cookies for information gathering
Creates known SpyNet mutexes and/or registry changes.

How to determine Win32/TrojanDropper.Delf.NQD?


File Info:
name: C1F0CE8F63ACBC733231.mlwpath: /opt/CAPEv2/storage/binaries/69124e55023eb96869b3a3f412c3d7a87ceb492e152e48c261eb054b44f1a65bcrc32: FA1A4B67md5: c1f0ce8f63acbc733231fe3674f7f5e6sha1: a2f05669d9f89d80969f60a15b105737f86746c7sha256: 69124e55023eb96869b3a3f412c3d7a87ceb492e152e48c261eb054b44f1a65bsha512: b7fefef552ca88026a570fb9665833a0aa70db4581258c47ec5e0780c2e6794d43a6c0703f645c44e0873e44e8f9ddc802c1131ed9724bf21100a870fe9e23e3ssdeep: 24576:DDWHSb4NDNsq7YhN+JFJvsV8zrYsYp7+bzCQL6NWEHi5a7H:e84Lsq7uKvs+wNp7xNTHtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1A4351201FD96507AC6722D713979AB21293D7B201F21CA9FB3E0055E9E353E0AB34B5Bsha3_384: e58bd82c90aec2cf07ce6ff89e2988b2b18b7a2c761ad77a9acccd44d8adbe700b66aaa3b2855049367fd1e1a556ee80ep_bytes: e864040000e988feffff3b0d68e64300timestamp: 2021-06-11 09:16:47
Version Info:
0: [No Data]

Win32/TrojanDropper.Delf.NQD also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
CAT-QuickHeal	TrojanDropper.Malf.Gen
Zillya	Trojan.Agent.Win32.2205396
Cybereason	malicious.f63acb
Baidu	Win32.Trojan-Dropper.Delf.bf
Cyren	W32/Injector.A.gen!Eldorado
ESET-NOD32	Win32/TrojanDropper.Delf.NQD
APEX	Malicious
Avast	Win32:BackDoor-ACW [Trj]
Kaspersky	Trojan.Win32.Bublik.elnr
BitDefender	Gen:Heur.Mint.Zard.35
NANO-Antivirus	Trojan.Win32.Drop.cxdqig
MicroWorld-eScan	Gen:Heur.Mint.Zard.35
Rising	Malware.Heuristic!ET#100% (RDMK:cmRtazorpN9OiCJ84WnXckH2iw0w)
Emsisoft	Gen:Heur.Mint.Zard.35 (B)
Comodo	TrojWare.Win32.Trojan.Buzus.~AAJ@1g3vye
DrWeb	Trojan.PWS.Multi.76
TrendMicro	TROJ_DELF.SMA
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
FireEye	Generic.mg.c1f0ce8f63acbc73
Sophos	Generic ML PUA (PUA)
Ikarus	Trojan-Spy.Agent
GData	Gen:Heur.Mint.Zard.35
Avira	TR/Spy.Gen
Antiy-AVL	Trojan/Generic.ASMalwS.3A91
Arcabit	Trojan.Mint.Zard.35
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
VBA32	BScope.TrojanSpy.Agent
ALYac	Gen:Heur.Mint.Zard.35
MAX	malware (ai score=85)
Malwarebytes	Trojan.Agent
TrendMicro-HouseCall	TROJ_DELF.SMA
Yandex	Backdoor.Spynet.Gen
SentinelOne	Static AI – Malicious SFX
Fortinet	W32/Dropper.FT!tr
BitDefenderTheta	AI:Packer.A3BE2B5C1E
AVG	Win32:BackDoor-ACW [Trj]