Win32/Spy.Delf.OHI

Category: trojan
Size: 213504 B
Detection created: May 20, 2010
Detection database version: 5131
Aliases:
  • Trojan-Banker.Win32.Banker.affj (Kaspersky)
  • TrojanSpy:Win32/Delf.CM (Microsoft)
  • GenericPWS.y!bfr.trojan (McAfee)

Short description

Win32/Spy.Delf.OHI is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine. The file is run-time compressed using UPX.

Installation

The trojan does not create any copies of itself.

Information stealing

The trojan searches for files with the following file extensions:

  • *.wab
  • *.dbx
  • *.mbx
  • *.mai
  • *.eml
  • *.tbb
  • *.mbox

The following information is collected:

  • file(s) content
  • e-mail addresses
  • computer name

The collected information is stored in the following file:

  • c:\borapo.txt

The trojan attempts to send gathered information to a remote machine.

The trojan sends the information via e-mail.

The trojan contains a list of (1) e-mail addresses.

Other information

The trojan executes the following command:

  • net stop SharedAccess

This disables the Internet Connection Firewall (ICF)/Internet Connection Sharing (ICS) service.
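
The behaviours listed above can be correlated per process when triaging endpoint telemetry. The following is an added example, not part of the original description or any vendor tooling: the JSON event schema (host, pid, type, path, cmdline) and the sample events are constructed for illustration, and the two-indicator threshold is an assumption chosen so that a mail client reading its own store is not flagged on its own.

```python
import json
import re
from collections import defaultdict

# Indicators taken from the description above.
STAGING_FILE = r"c:\borapo.txt"
MAIL_EXTS = (".wab", ".dbx", ".mbx", ".mai", ".eml", ".tbb", ".mbox")
# "net stop SharedAccess", tolerating a path, .exe, quotes and extra spaces.
NET_STOP = re.compile(r'(?:^|[\\\s"])net1?(?:\.exe)?"?\s+stop\s+"?sharedaccess\b', re.I)

# Constructed sample telemetry (JSON lines); the field names are assumptions.
# "pid" is the acting process (for process_create, the parent that spawned it).
SAMPLE_LOG = r'''
{"host":"WS01","pid":412,"type":"file_read","path":"C:\\Users\\a\\Mail\\Inbox.dbx"}
{"host":"WS01","pid":412,"type":"file_read","path":"C:\\Users\\a\\addr.wab"}
{"host":"WS01","pid":412,"type":"file_write","path":"C:\\borapo.txt"}
{"host":"WS01","pid":412,"type":"process_create","cmdline":"cmd.exe /c net stop SharedAccess"}
{"host":"WS02","pid":88,"type":"file_read","path":"C:\\Users\\b\\Mail\\Inbox.dbx"}
{"host":"WS03","pid":7,"type":"process_create","cmdline":"net stop Spooler"}
'''

def triage(lines):
    """Return {(host, pid): sorted indicator names} for processes with any hit."""
    hits = defaultdict(set)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        key = (ev["host"], ev["pid"])
        path = ev.get("path", "").lower()
        if ev["type"] == "file_write" and path == STAGING_FILE:
            hits[key].add("staging_file")
        elif ev["type"] == "file_read" and path.endswith(MAIL_EXTS):
            hits[key].add("mail_store_read")
        elif ev["type"] == "process_create" and NET_STOP.search(ev.get("cmdline", "")):
            hits[key].add("firewall_service_stop")
    return {k: sorted(v) for k, v in hits.items()}

def suspicious(findings, threshold=2):
    """Processes showing at least `threshold` distinct indicators."""
    return sorted(k for k, v in findings.items() if len(v) >= threshold)

if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for key in suspicious(found):
        print(key, found[key])
```
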
