Win32/PSW.Delf.OID [Threat Name]

Win32/PSW.Delf.OID [Threat Variant Name]

Category trojan
Size 93696 B
Detection created Oct 01, 2013
Detection database version 8864
Aliases PSW.Delf.ICN.trojan (AVG)
  TR/Dldr.Delphi.Gen (Avira)
  Win32:Malware-gen (Avast)
Short description

Win32/PSW.Delf.OID is a trojan that steals passwords and other sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

The trojan does not create any copies of itself.


In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "Wisoft servers microsoft" = "%malwarefilepath%"

Information stealing

Win32/PSW.Delf.OID is a trojan that steals sensitive information.


The trojan monitors network traffic on the following ports:

  • 0 - 65535

The following keywords are monitored:

  • mobstudio.ru
  • password

The following information is collected:

  • login user names for certain applications/services
  • login passwords for certain applications/services

The trojan attempts to send gathered information to a remote machine.


The trojan contains a URL address. The HTTP protocol is used in the communication.


Other information

The following services are disabled:

  • Windows Defender
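
A triage check for the two host artifacts listed above (the Run value and the disabled Windows Defender service), added here as an example and not part of the original description. The value name is taken from this page; the service name WinDefend and the function names are assumptions of the example.

```powershell
# Added example: look for the persistence value and the Defender service state.
$ValueName = 'Wisoft servers microsoft'   # value name as given on this page
$RunSubKey = 'Software\Microsoft\Windows\CurrentVersion\Run'

function Find-RunValue {
    param([string]$Name)
    # HKEY_USERS has one subkey per loaded user hive, so this covers the HKCU
    # of every logged-on account, not only the account running the script.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notmatch '_Classes$' } |
        ForEach-Object {
            $path = "Registry::HKEY_USERS\$($_.PSChildName)\$RunSubKey"
            $prop = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
            if ($prop) {
                [pscustomobject]@{
                    Sid   = $_.PSChildName
                    Key   = $path
                    Value = $Name
                    Data  = $prop.$Name   # path of the file launched at logon
                }
            }
        }
}

function Get-DefenderServiceState {
    # Assumption: the Windows Defender service is registered as 'WinDefend'.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinDefend'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{ Service = 'WinDefend'; State = 'NotFound'; StartMode = $null }
    }
    [pscustomobject]@{ Service = $svc.Name; State = $svc.State; StartMode = $svc.StartMode }
}

$hits = @(Find-RunValue -Name $ValueName)
if ($hits.Count -gt 0) {
    $hits | Format-List
} else {
    "No '$ValueName' Run value found in any loaded user hive."
}

$defender = Get-DefenderServiceState
$defender | Format-List
# A stopped or disabled service is only a lead: Defender also stands down
# when another antivirus product is registered on the host.
if ($defender.StartMode -eq 'Disabled' -or $defender.State -ne 'Running') {
    Write-Warning 'Windows Defender service is not running or is disabled.'
}
```

Hives of accounts that are not logged on are not loaded under HKEY_USERS, so this check does not see them; run it per user session or against the offline NTUSER.DAT files to cover those accounts.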
