Win32/PSW.Delf.OBN [Threat Name]

Win32/PSW.Delf.OBN [Threat Variant Name]

Category: trojan
Size: 518144 B
Detection created: Aug 22, 2011
Detection database version: 6399
Aliases: Trojan-PSW.Win32.Fareit.om (Kaspersky)
  PWS:Win32/Fareit.A (Microsoft)
  Infostealer (Symantec)

Short description

Win32/PSW.Delf.OBN is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

The trojan does not create any copies of itself.

Information stealing

Win32/PSW.Delf.OBN is a trojan that steals sensitive information.


The trojan collects information related to the following applications:

  • 32bit FTP
  • 888Poker
  • Absolute Poker
  • Apple Safari
  • BitKinex
  • BulletProof FTP Client
  • CakePoker
  • Classic FTP
  • CoffeeCup FTP
  • Core FTP
  • CritComb
  • CuteFTP
  • Directory Opus
  • ExpanDrive
  • FAR Manager FTP
  • FFFTP
  • FileZilla
  • FlashFXP
  • Fling
  • Flock
  • FreeFTP/DirectFTP
  • Frigate3 FTP
  • FTP Commander
  • FTP Control
  • FTP Explorer
  • FTP Uploader
  • FTPRush
  • Google Chrome
  • LeapFTP
  • Mozilla Browser
  • Mozilla Firefox
  • MS Internet Explorer
  • MS RDP
  • NetDrive
  • Opera
  • PartyPoker
  • POKERSTARS
  • SeaMonkey
  • SecureFX
  • SmartFTP
  • SoftX FTP Client
  • TitanPoker
  • TurboFTP
  • UB.COM
  • UltraFXP
  • WebDrive
  • WebSitePublisher
  • Windows/Total Commander
  • WinSCP
  • WS_FTP

The trojan collects the following information:

  • login user names for certain applications/services
  • login passwords for certain applications/services

The trojan attempts to send gathered information to a remote machine.


The trojan contains a URL address. The HTTP protocol is used.

Other information

The trojan creates the following file:

  • %temp%\~unins%variable%.bat

The trojan executes the following command:

  • cmd.exe /c %temp%\~unins%variable%.bat "%malwarefilepath%"

The variable %variable% represents a variable 4-digit number.


The trojan removes itself from the computer.
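
The self-removal command line described above can be hunted for in process-creation logs. The following is an added example, not code from ESET or from the original page; the event fields (host, command_line) and every sample value are constructed, and it assumes %temp% appears already expanded in the logged command line.

```python
import re

# Pattern from the description:
#   cmd.exe /c %temp%\~unins%variable%.bat "%malwarefilepath%"
# %variable% is a 4-digit number; the batch path is followed by one quoted file path.
SELF_DELETE_RE = re.compile(
    r'\bcmd(?:\.exe)?"?\s+/c\s+"?(?P<bat>[^"]*?\\~unins(?P<num>\d{4})\.bat)"?'
    r'\s+"(?P<target>[^"]+)"',
    re.IGNORECASE,
)

def match_self_delete(command_line):
    """Return the batch path, 4-digit suffix and target file, or None."""
    m = SELF_DELETE_RE.search(command_line)
    if m is None:
        return None
    return {"bat": m.group("bat"), "num": m.group("num"), "target": m.group("target")}

def scan(events):
    """Return (event, details) pairs for events whose command line matches."""
    hits = []
    for ev in events:
        details = match_self_delete(ev["command_line"])
        if details:
            hits.append((ev, details))
    return hits

# Constructed process-creation events (hypothetical hosts, users and paths).
SAMPLE_EVENTS = [
    {"host": "ws01", "command_line":
        r'cmd.exe /c C:\Users\alice\AppData\Local\Temp\~unins4821.bat '
        r'"C:\Users\alice\Downloads\invoice.exe"'},
    {"host": "ws02", "command_line":
        r'"C:\Windows\System32\cmd.exe" /c C:\Users\BOB~1\AppData\Local\Temp\~unins0007.bat '
        r'"C:\Users\Bob Smith\Desktop\setup.exe"'},
    # Non-matching: wrong digit count, and an unrelated batch file.
    {"host": "ws03", "command_line":
        r'cmd.exe /c C:\Users\carol\AppData\Local\Temp\~unins12.bat "C:\x.exe"'},
    {"host": "ws04", "command_line":
        r'cmd.exe /c C:\Users\dave\AppData\Local\Temp\cleanup.bat "C:\tools\a.exe"'},
]

if __name__ == "__main__":
    for ev, d in scan(SAMPLE_EVENTS):
        print(f'{ev["host"]}: {d["bat"]} -> removes {d["target"]}')
```

Because the trojan removes itself, the quoted target path in a matching event may be the only remaining record of where the executable was stored.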
