Virus:TR/Dldr.Delf.AC
Date discovered:11/08/2010
Type:Trojan
Subtype:Downloader
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low to medium
Damage Potential:Low to medium
Static file:Yes
File size:5.600.768 Bytes
MD5 checksum:172de7dec38e8b68de6d02d71c6ba41a
IVDF version:7.10.10.127 - Tuesday, August 10, 2010

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  AVG: SHeur3.ASPJ
   •  Eset: Win32/Spy.Banker.ANV

This is a component of: TR/Dldr.Java.A


Platforms / OS:
   • Windows 98
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Downloads malicious files

 Files The following file is created:

%WINDIR%\W4.zip Furthermore it gets executed after it was fully created. It is opened using the default application for this file type.



It tries to download a file:

– The location is the following:
   • http://p**********4.jpg
It is saved on the local hard drive under: %WINDIR%\Java__Updat4.exe Furthermore this file gets executed after it was fully downloaded. Further investigation pointed out that this file is malware, too. Detected as: TR/Agent.17591909

 File details Programming language:
 The malware program was written in Delphi.


Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

Description inserted by Carlos Valero Llabata on Wednesday, August 11, 2010
Description updated by Carlos Valero Llabata on Thursday, August 12, 2010

Back . . . .