Win32/TrojanDownloader.Delf.PBC [Threat Name]

Win32/TrojanDownloader.Delf.PBC [Threat Variant Name]

Category: trojan
Size: 342016 B
Aliases:
  Trojan-Downloader.Win32.Delf.vwc (Kaspersky)
  Trojan.Horse (Symantec)
  Generic.Downloader.x!bgj (McAfee)

Short description

Win32/TrojanDownloader.Delf.PBC is a trojan that tries to download other malware from the Internet. The file is run-time compressed using UPX.

Installation

The trojan does not create any copies of itself.


In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    • "JvFullColorSpaces" = "%filepath%"

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of URLs (1 entry).


The data is saved in the following file:

  • tmp$$$%random%.ini

The %random% represents a random number.


The trojan tries to download several files from the Internet. The HTTP protocol is used.


The files are then executed.
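
The two host indicators described above (the "JvFullColorSpaces" Run value and the tmp$$$%random%.ini file) can be matched against endpoint telemetry. The following is an added example, not part of the original description: the pipe-separated line format and the sample events are constructed, the WOW6432Node key path is included because a 32-bit process on 64-bit Windows is redirected there, and %random% is assumed to be decimal digits.

```python
import re

# Indicators taken from the description above.
RUN_VALUE = "jvfullcolorspaces"
# Native view plus the WOW6432Node view a 32-bit process is redirected to on
# 64-bit Windows (the redirected path is an addition, not listed on the page).
RUN_KEY = re.compile(
    r"^(hklm|hkey_local_machine)\\software\\(wow6432node\\)?"
    r"microsoft\\windows\\currentversion\\run$", re.I)
# tmp$$$%random%.ini, with %random% assumed to be decimal digits.
INI_NAME = re.compile(r"^tmp\$\$\$\d+\.ini$", re.I)

def classify(event):
    """Return an indicator label for one event dict, or None."""
    kind, target = event["type"], event["target"]
    if kind == "registry_set":
        key, _, value = target.rpartition("\\")
        if RUN_KEY.match(key) and value.lower() == RUN_VALUE:
            return "run-key persistence"
    elif kind == "file_create":
        # The page does not name a directory, so only the file name is matched.
        name = target.replace("/", "\\").rpartition("\\")[2]
        if INI_NAME.match(name):
            return "downloader config file"
    return None

def parse(line):
    """Parse one 'type|target|process' line (constructed format)."""
    kind, target, process = line.strip().split("|", 2)
    return {"type": kind, "target": target, "process": process}

# Constructed sample telemetry, not captured from a real host.
SAMPLE = r"""
registry_set|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive|C:\Windows\explorer.exe
registry_set|HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JvFullColorSpaces|C:\Users\u\Downloads\setup.exe
file_create|C:\Users\u\AppData\Local\Temp\tmp$$$48213.ini|C:\Users\u\Downloads\setup.exe
file_create|C:\Users\u\AppData\Local\Temp\tmp1234.ini|C:\Program Files\App\app.exe
""".strip().splitlines()

def scan(lines):
    """Return (label, process, target) for every line matching an indicator."""
    hits = []
    for line in lines:
        ev = parse(line)
        label = classify(ev)
        if label:
            hits.append((label, ev["process"], ev["target"]))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit, sep=" | ")
```
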
