Win32/Delf.STD

Category: trojan
Size: 572928 B
Detection created: May 05, 2015
Detection database version: 11578
Aliases: Trojan:Win32/Delfsnif.gen!I (Microsoft)

Short description

Win32/Delf.STD is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

When executed, the trojan copies itself into the following location:

  • %system%\WinTask.EXE

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    • "WinTask" = "%system%\WinTask.EXE"

The trojan may set the following Registry entries:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer]
    • "Version" = "6"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSNHelper]
    • "%xml_filename%" = 0

Information stealing

The trojan collects the following information:

  • user name
  • computer name
  • file(s) content

The trojan gathers information related to the following services:

  • MSN

The trojan searches for files with the following file extensions:

  • .xml

Only folders and files which contain one of the following strings in their path are searched:

  • %personal%\我接收到的文件

The trojan attempts to send the found files to a remote machine. The SMTP protocol is used.
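
The artifacts listed under Installation can be checked on a host with the PowerShell below, which is an added example and not part of the original description. It assumes %system% denotes the Windows system folder, and it also inspects the SysWOW64 and WOW6432Node locations, where 64-bit Windows redirects a 32-bit process.

```powershell
# Added example, not vendor code. Run from 64-bit PowerShell so System32 is not redirected.
# Assumption: %system% is the Windows system folder (System32, or SysWOW64 under WOW64).
$findings = @()

# Dropped copy: %system%\WinTask.EXE (the description lists a size of 572928 B)
foreach ($dir in 'System32', 'SysWOW64') {
    $path = Join-Path $env:SystemRoot "$dir\WinTask.EXE"
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $sizeNote = if ($item.Length -eq 572928) { 'size matches description' } else { 'size differs' }
        $findings += "File: $path ($($item.Length) B, $sizeNote, SHA256 $hash)"
    }
}

# Registry: native view and the WOW6432Node view used by 32-bit processes
foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
    # Persistence: Run value "WinTask"
    $runKey = "$root\Microsoft\Windows\CurrentVersion\Run"
    $run = (Get-ItemProperty -LiteralPath $runKey -Name 'WinTask' -ErrorAction SilentlyContinue).WinTask
    if ($run) { $findings += "Run value: $runKey -> WinTask = $run" }

    # MSNHelper key; the description lists values named %xml_filename% under it
    $helperKey = "$root\Microsoft\MSNHelper"
    if (Test-Path -LiteralPath $helperKey) {
        $names = (Get-Item -LiteralPath $helperKey).Property -join ', '
        $findings += "Key: $helperKey (values: $names)"
    }

    # Weak indicator on its own: Internet Explorer "Version" set to exactly "6"
    $ieKey = "$root\Microsoft\Internet Explorer"
    $ver = (Get-ItemProperty -LiteralPath $ieKey -Name 'Version' -ErrorAction SilentlyContinue).Version
    if ($ver -eq '6') { $findings += "IE Version value is '6' under $ieKey" }
}

if ($findings.Count -eq 0) { 'No Win32/Delf.STD installation artifacts found.' } else { $findings }
```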
