Win32/PSW.Delf.NYL [Threat Name]

Win32/PSW.Delf.NYL [Threat Variant Name]

Category: trojan
Size: 658432 B
Detection created: Jan 20, 2011
Detection database version: 5803
Aliases: Trojan-PSW.Win32.Mlhoter.a (Kaspersky), TROJ_LAMEWAR.VTG (TrendMicro)
Short description

The trojan collects information used to access certain sites. The trojan attempts to send gathered information to a remote machine.

Installation

The trojan does not create any copies of itself.


In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    • "Config xp439x" = "%malwarepath%"
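
A host check for the persistence entry described above, as an added example (not ESET's code): it looks for the "Config xp439x" value under the Run key and compares the referenced file's size with the 658432 B listed on this page. The function name Find-RunKeyIndicator is hypothetical, and the WOW6432Node path is an assumption added here to cover the 32-bit registry view on 64-bit Windows.

```powershell
# Added example. Value name and file size are taken from the description above.
$ValueName    = 'Config xp439x'
$ReportedSize = 658432   # bytes
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    # Assumption: also check the 32-bit registry view used on 64-bit Windows.
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Find-RunKeyIndicator {   # hypothetical helper name
    param([string[]]$KeyPath = $RunKeys, [string]$Name = $ValueName)
    foreach ($path in $KeyPath) {
        $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        if ($key.GetValueNames() -notcontains $Name) { continue }

        # Read the stored data and reduce it to a file path (drop surrounding quotes).
        $data = [string]$key.GetValue($Name)
        $file = [Environment]::ExpandEnvironmentVariables($data.Trim().Trim('"'))
        $item = if ($file) {
            Get-Item -LiteralPath $file -Force -ErrorAction SilentlyContinue
        } else { $null }

        # One record per matching key, suitable for export or triage.
        [pscustomobject]@{
            RunKey      = $path
            ValueName   = $Name
            Data        = $data
            FileExists  = [bool]$item
            SizeBytes   = if ($item) { $item.Length } else { $null }
            SizeMatches = [bool]($item -and $item.Length -eq $ReportedSize)
            SHA256      = if ($item) { (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash } else { $null }
        }
    }
}

Find-RunKeyIndicator | Format-List
```

No output means the value name was not found in either key. A size match alone is only a triage hint, so the SHA256 is reported for lookup against a trusted source.
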
Information stealing

The trojan collects information used to access certain sites.


The trojan collects information used to access the following site:

  • http://login.live.com

The following information is collected:

  • login name
  • login password

The following programs are affected:

  • Microsoft Internet Explorer

The trojan attempts to send gathered information to a remote machine.


The trojan contains a URL address. The HTTP protocol is used.

