Win32/TrojanDownloader.Delf.QFS [Threat Name]

Win32/TrojanDownloader.Delf.QFS [Threat Variant Name]

Category: trojan
Size: 567296 B
Aliases: TROJ_DELF.CIQ (TrendMicro)

Short description

The trojan serves as a backdoor. It can be controlled remotely. The trojan is probably a part of other malware.

Installation

When executed, the trojan copies itself into the following location:

  • %currentfolder%\svhost.exe

The trojan deletes the original file.

Information stealing

The trojan collects the following information:

  • computer name
  • volume serial number
  • information about the operating system and system settings

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan serves as a backdoor. It can be controlled remotely.


The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of 4 URLs. It communicates using the HTTP protocol.


It can execute the following operations:

  • open a specific URL address
  • delete files
  • send gathered information

The trojan can open the following URLs:

  • www.google.ru
  • ru.yahoo.com

The trojan may create the following files:

  • avisou.ini
  • g.vbs
  • gg.bat
  • C:\bwp1
  • C:\f.vbs
  • C:\ff.bat
  • C:\pbw
  • C:\winbot_
  • C:\winbot2_

The trojan may delete the following files:

  • a0
  • g.vbs
  • gg.bat
  • C:\bwp1
  • C:\f.vbs
  • C:\ff.bat
  • C:\pbw
  • C:\tbin_
  • C:\winbot_
  • C:\winbot2_
