Win32/Delf.NTG [Threat Name]

Win32/Delf.NTG [Threat Variant Name]

Category trojan
Size 441379 B
Detection created Dec 01, 2008
Detection database version 3653
Aliases Trojan.Win32.Regrun.cnx (Kaspersky)
  Trojan.Horse (Symantec)
  Generic.dx!fca (McAfee)
Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

When executed, the trojan copies itself into the following location:

  • %windir%\inf\smss.exe (441379 B)

The following Registry entry is set:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    • "Shell" = Explorer.exe "%windir%\inf\smss.exe"

This causes the trojan to be executed on every system start.
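The Winlogon "Shell" modification above is the persistence indicator a defender can check for directly: the value should name only the default shell, and anything chained after it is worth investigating. The following Python script is an added example, not part of the ESET entry; it tokenizes a Shell value, flags every program that is not Explorer.exe, and can either parse the text printed by `reg query` (the sample output below is constructed) or, on Windows, read the value live through the standard `winreg` module.

```python
"""Winlogon "Shell" persistence check.

Added example (not from the ESET entry). Flags any program chained after the
default shell in the Winlogon "Shell" value, the persistence technique this
trojan uses. The reg query output used as sample input is constructed.
"""
import ntpath
import re

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
EXPECTED_SHELL = "explorer.exe"  # the only program that belongs in this value

# A token is either a double-quoted path or a run of non-space, non-comma chars.
# Winlogon accepts a comma-separated list; the trojan uses a space-separated one.
_TOKEN_RE = re.compile(r'"([^"]*)"|([^\s,]+)')

# Matches the Shell line as printed by `reg query ... /v Shell`, e.g.
#     Shell    REG_SZ    Explorer.exe "%windir%\inf\smss.exe"
_SHELL_LINE_RE = re.compile(r"^\s*Shell\s+REG_(?:EXPAND_)?SZ\s+(.*?)\s*$",
                            re.IGNORECASE)

# Constructed sample of what `reg query` prints for an infected machine.
SAMPLE_REG_QUERY_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    Explorer.exe "%windir%\inf\smss.exe"
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
"""


def split_shell_value(value):
    """Split a Shell value into program tokens, with surrounding quotes removed."""
    return [quoted if quoted else bare for quoted, bare in _TOKEN_RE.findall(value)]


def suspicious_shell_entries(value):
    """Return every program in the Shell value whose file name is not the default shell."""
    return [token for token in split_shell_value(value)
            if ntpath.basename(token).lower() != EXPECTED_SHELL]


def parse_reg_query_output(text):
    """Extract the Shell value from `reg query` text; None if no Shell line is present."""
    for line in text.splitlines():
        match = _SHELL_LINE_RE.match(line)
        if match:
            return match.group(1)
    return None


def read_live_shell_value():
    """Read the Shell value from the local registry (Windows only); None elsewhere."""
    try:
        import winreg  # only available on Windows
    except ImportError:
        return None
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        value, _value_type = winreg.QueryValueEx(key, "Shell")
        return value


def main():
    # Prefer the live value; fall back to the constructed sample when not on Windows.
    value = read_live_shell_value()
    source = "live registry"
    if value is None:
        value = parse_reg_query_output(SAMPLE_REG_QUERY_OUTPUT)
        source = "constructed sample"
    extras = suspicious_shell_entries(value)
    print(f"[{source}] Shell = {value!r}")
    if extras:
        print("SUSPICIOUS: programs chained after the shell:", extras)
    else:
        print("OK: only the default shell is configured")


if __name__ == "__main__":
    main()
```

On a Windows host the script reads the value itself; elsewhere, pipe the output of `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell` into `parse_reg_query_output`. A clean machine yields an empty list from `suspicious_shell_entries`; the value this trojan sets yields the appended `%windir%\inf\smss.exe` path.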

Other information

The trojan contains a URL address. It tries to download a file from the address.

The file is stored in the following location:

  • %system%\udpflood.exe

The trojan acquires data and commands from a remote computer or the Internet.

The trojan connects to the following addresses:

  • m4x1.serve%removed%.com (TCP:64)

It can execute the following operations:

  • perform DoS/DDoS attacks
  • terminate running processes
  • download files from a remote computer and/or the Internet
