Lumension® Endpoint Intelligence Center


Overview

Threat Risk: MEDIUM
Destructivity: UNKNOWN
Payload: Attempts to protect itself
Detection files published: 27 Oct 2009 04:00:00
Description created: 10 Dec 2009 04:16:00
Description updated: 10 Dec 2009 04:16:00
Malware type: TROJAN
Aliases:
* VirTool:Win32/DelfInject.gen!X
* Trojan.Win32.Delf.ggp
* Troj/Delf-KP
* Riskware.Tool.DelfInject
Spreading mechanism: n/a
Summary

W32/Delf

Spreading

n/a

Payload Details

The program carries an embedded malicious file and shields it with several protection mechanisms: anti-debugging, encryption, virtual-machine detection and related anti-antivirus techniques. It then injects the stored file into a legitimate process, so the malicious code runs inside that process and never shows up as a process of its own.

Analysis

[ DetectionInfo ]
* Filename: C:\Documents and Settings\norman\Desktop\83edf0b85faef769526205994ead75f2ef6e6bc0.exe.
* Sandbox name: .
* Signature name: NOT_SCANNED.
* Compressed: NO.
* TLS hooks: YES.
* Executable type: Application.
* Executable file structure: OK.
* Filetype: PE_I386.

[ General information ]
* File length: 133632 bytes.
* MD5 hash: 787f2a5901000d909a76ba8205061226.

[ Process/window information ]
* Enumerates running processes.
* Creates process "sample.exe".
* Reads memory in process "sample.exe".
* Modifies memory in process "sample.exe".
* Modified OS kernel function code in process "sample.exe".
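The sandbox reports "TLS hooks: YES". A PE whose TLS directory lists callback functions has those callbacks run by the loader before the entry point is reached, which is one of the anti-debug tricks referred to under Payload Details: a breakpoint placed on the entry point fires only after the callback has already executed. The following Python script is an example added here; it is not part of the Lumension report and not code from the sample. It walks the PE32 headers by hand, resolves the TLS data directory through the section table, and returns the callback virtual addresses. The image it checks by default is constructed inside the script (image base 0x400000, a single .rdata section); the analysed file with MD5 787f2a5901000d909a76ba8205061226 is not included, but the script accepts a path on the command line.

```python
"""Triage check for TLS callbacks in a PE32 file (the sandbox's "TLS hooks" indicator).

Added example. The image produced by build_sample_pe() is synthetic and is not the
W32/Delf sample described in the report.
"""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_TLS = 9   # index of the TLS entry in the data directory table
PE32_MAGIC = 0x10B


def _parse_sections(pe, sec_tbl, nsec):
    """Return (VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData) per section."""
    sections = []
    for i in range(nsec):
        off = sec_tbl + i * 40
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    return sections


def rva_to_offset(rva, sections):
    """Map an RVA to a file offset through the section table; None if unmapped."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    return None


def tls_callbacks(pe):
    """Return the list of TLS callback VAs declared by a PE32 image (empty if none)."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24                          # start of the optional header
    if struct.unpack_from("<H", pe, opt)[0] != PE32_MAGIC:
        raise ValueError("only PE32 (32-bit) images are handled here")
    image_base = struct.unpack_from("<I", pe, opt + 28)[0]
    ndirs = struct.unpack_from("<I", pe, opt + 92)[0]
    if ndirs <= IMAGE_DIRECTORY_ENTRY_TLS:
        return []
    tls_rva, _tls_size = struct.unpack_from("<II", pe, opt + 96 + IMAGE_DIRECTORY_ENTRY_TLS * 8)
    if tls_rva == 0:
        return []                                # no TLS directory at all
    sections = _parse_sections(pe, opt + opt_size, nsec)
    tls_off = rva_to_offset(tls_rva, sections)
    if tls_off is None:
        raise ValueError("TLS directory RVA is not backed by any section")
    # IMAGE_TLS_DIRECTORY32: AddressOfCallBacks is the 4th DWORD and is a VA, not an RVA
    callbacks_va = struct.unpack_from("<I", pe, tls_off + 12)[0]
    if callbacks_va == 0:
        return []
    cb_off = rva_to_offset(callbacks_va - image_base, sections)
    if cb_off is None:
        raise ValueError("AddressOfCallBacks points outside the image")
    callbacks = []
    while cb_off + 4 <= len(pe):                 # zero-terminated array of function VAs
        va = struct.unpack_from("<I", pe, cb_off)[0]
        if va == 0:
            break
        callbacks.append(va)
        cb_off += 4
    return callbacks


def build_sample_pe(callback_vas, image_base=0x400000):
    """Construct a minimal PE32 image with one .rdata section carrying a TLS directory.

    callback_vas=None yields an image with no TLS directory; [] yields an empty callback list.
    Synthetic test data, not the analysed sample.
    """
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)        # e_lfanew: PE header right after the DOS header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)   # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)   # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    if callback_vas is not None:
        struct.pack_into("<II", opt, 96 + IMAGE_DIRECTORY_ENTRY_TLS * 8, 0x1000, 24)
    # .rdata: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, then unused fields
    sec = b".rdata\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    headers = (bytes(dos) + coff + bytes(opt) + sec).ljust(0x200, b"\0")
    body = bytearray(0x200)
    # TLS directory at RVA 0x1000; AddressOfCallBacks -> VA of the array at RVA 0x1020
    struct.pack_into("<IIIIII", body, 0, image_base + 0x1040, image_base + 0x1048,
                     image_base + 0x1050, image_base + 0x1020, 0, 0)
    for i, va in enumerate(callback_vas or []):
        struct.pack_into("<I", body, 0x20 + 4 * i, va)
    return headers + bytes(body)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe([0x401100, 0x401200])
    cbs = tls_callbacks(data)
    print("TLS hooks: %s" % ("YES" if cbs else "NO"), ["0x%08x" % v for v in cbs])
```

A non-empty callback list is only a static hint, the same one the sandbox records; legitimate compilers also emit TLS callbacks for thread-local initialisation, so the finding should be weighed together with the dynamic indicators the report lists (process creation followed by reads, writes and function-code patching in "sample.exe"), which is the injection chain the Payload Details describe. The script handles PE32 only and raises on PE32+ rather than silently reporting no callbacks.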

Removal

n/a


Last Updated: 12 Nov 2015 11:06:14