Win32/Delf.SXD [Threat Name]

Win32/Delf.SXD [Threat Variant Name]

Category: trojan
Size: 376832 B
Detection created: Jul 10, 2015
Detection database version: 11920
Aliases: Trojan-Dropper.Win32.Sysn.anyb (Kaspersky)

Short description

Win32/Delf.SXD is a trojan which tries to download other malware from the Internet.

Installation

The trojan does not create any copies of itself.


The trojan is probably a part of other malware.


In order to be executed on system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    • "svchost.exe" = "%malwarefilepath%"

The trojan executes the following files:

  • %currentfolder%\svchostupdate.exe

Other information

The trojan contains a URL address.


It tries to connect to the remote machine on port:

  • 777

The TCP protocol is used in the communication.


It tries to download a file from the address.


The file is stored in the following location:

  • %currentfolder%\svchostupdate.exe
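
A host check for the three artifacts listed above (the Run value, the dropped file, and TCP traffic to port 777), as an added example that is not part of the original description or any vendor tooling. The function name Find-DelfSxdArtifacts is hypothetical, and the code assumes that %currentfolder% is the folder of the file registered in the Run value and that Get-NetTCPConnection is available (Windows 8 / Server 2012 or later).

```powershell
# Added example, not vendor code. Find-DelfSxdArtifacts is a hypothetical name.
function Find-DelfSxdArtifacts {
    $findings = @()
    # The Run key from the description, plus its 32-bit view on 64-bit Windows.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $run = Get-ItemProperty -Path $key -Name 'svchost.exe' -ErrorAction SilentlyContinue
        if (-not $run) { continue }
        # The genuine svchost.exe is started by the Service Control Manager,
        # so a Run value with this name is worth a finding by itself.
        $data = [string]$run.'svchost.exe'
        $findings += [pscustomobject]@{ Check = 'RunValue'; Detail = "$key -> $data" }

        # Assumption: %currentfolder% is the folder holding the registered file.
        $exe = [Environment]::ExpandEnvironmentVariables($data).Trim().Trim('"')
        if (-not $exe) { continue }
        $dir = Split-Path -Path $exe -Parent -ErrorAction SilentlyContinue
        if (-not $dir) { continue }
        $payload = Join-Path -Path $dir -ChildPath 'svchostupdate.exe' -ErrorAction SilentlyContinue
        if ($payload -and (Test-Path -LiteralPath $payload -PathType Leaf)) {
            $hash = (Get-FileHash -LiteralPath $payload -Algorithm SHA256).Hash
            $findings += [pscustomobject]@{ Check = 'DroppedFile'; Detail = "$payload SHA256=$hash" }
        }
    }
    # Current TCP connections whose remote port is 777, with the owning process.
    $conns = @(Get-NetTCPConnection -RemotePort 777 -ErrorAction SilentlyContinue)
    foreach ($c in $conns) {
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $findings += [pscustomobject]@{
            Check  = 'TcpPort777'
            Detail = "$($c.RemoteAddress):777 pid=$($c.OwningProcess) $($proc.Path)"
        }
    }
    return $findings
}

Find-DelfSxdArtifacts | Format-Table -AutoSize -Wrap
```

Run it from an elevated session so that process paths for other users' processes resolve; an empty result means none of the three artifacts is present at the time of the check.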
