TrojanDownloader:Win32/Delf.IZ
First posted on 09 April 2010.
Source: SecurityHome
Aliases:
TrojanDownloader:Win32/Delf.IZ is also known as TR/Dldr.Delphi.Gen (Avira), Trojan-Downloader.Win32.Genome.anle (Kaspersky), Generic Downloader.x!dil (McAfee), Trj/Banbra.GQO (Panda).
Explanation:
TrojanDownloader:Win32/Delf.IZ is a detection for a trojan that downloads arbitrary files from a predefined Web address.
Installation
This trojan may be installed by other malware such as TrojanDownloader:Win32/Delf.JA. When run, TrojanDownloader:Win32/Delf.IZ creates a copy of itself as the following file:
<system folder>\spoolva.exe
The registry is modified to run the trojan copy at each Windows start.
Adds value: "VrfUpd"
With data: "<system folder>\spoolva.exe"
To subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Payload
Downloads arbitrary files
This trojan attempts to connect to the IP address "69.175.35.210" to download arbitrary files.

Analyzed by Wei Li
Last update 09 April 2010
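
A host check for the installation artifacts described above (the "VrfUpd" Run value and the spoolva.exe copy), as an added example that is not part of the original entry. The WOW6432Node key and the SysWOW64 folder are assumptions that cover a 32-bit sample running on 64-bit Windows, where registry and file system redirection apply; run it from a 64-bit PowerShell session.

```powershell
# Added example: look for the Delf.IZ persistence artifacts named in this entry.
# Indicator values ("VrfUpd", spoolva.exe) come from the entry itself.
$valueName = 'VrfUpd'
$fileName  = 'spoolva.exe'

# Assumption: also inspect the 32-bit (redirected) views on 64-bit Windows.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$systemDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

$findings = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($name)
        # Match on the value name, or on any Run entry whose data points at the file,
        # so a renamed value that still launches spoolva.exe is reported too.
        if ($name -eq $valueName -or $data -like "*\$fileName*") {
            $findings += [pscustomobject]@{
                Type = 'RunValue'; Location = $key; Name = $name; Data = $data
            }
        }
    }
}

foreach ($dir in $systemDirs) {
    $path = Join-Path $dir $fileName
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # Record a SHA-256 so the file can be compared against a vendor verdict.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Type = 'File'; Location = $path; Name = $fileName; Data = $hash
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No Delf.IZ persistence artifacts found.'
}
```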