TR/Proxy.Delf.AA.2 - Trojan
Virus: TR/Proxy.Delf.AA.2
Date discovered: 28/11/2005
Type: Trojan
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 14.848 Bytes
MD5 checksum: 399620492b3e054b84caecae975aba95
VDF version: 6.32.00.223 - Thu, 24 Nov 2005 14:22 (GMT+1)
General
Method of propagation:
• No own spreading routine
Alias:
• Kaspersky: Trojan-Proxy.Win32.Delf.aa
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Uses its own Email engine
Files
The following file is created:
– %malware execution directory%\mm.pid
It tries to download a file:
– The location is the following:
• http://wm.kanny**********.info/cgi-bin5/repeaterm.fcgi?n=%several random numbers from 0 to 9%&lastid=&rand=%%several random numbers from 0 to 9%.%several random numbers from 0 to 9%e-0001
This file may contain information related to the email spam function.
Email
It contains an integrated SMTP engine in order to send spam emails. A direct connection to the destination server is established. The characteristics are described in the following:
From:
Gathered addresses from the internet. Please do not assume that it was the sender's intention to send this email to you. He might not know about his infection or might not even be infected at all. Furthermore, it is possible that you will receive bounced emails telling you that you are infected. This might also not be the case.
To:
– Gathered addresses from the internet.
Mailing
Gather addresses:
It gathers addresses by contacting the following website:
• http://wm.kanny**********.info/cgi-bin5/repeaterm.fcgi?n=%several random numbers from 0 to 9%&lastid=&rand=%%several random numbers from 0 to 9%.%several random numbers from 0 to 9%e-0001
Backdoor
Contact server:
The following:
• http://wm.**********ciya.info/cgi-bin5/receiver.fcgi?id=%several random numbers from 0 to 9%&sent=%several random numbers from 0 to 9%&lost=&drop=&acc=
As a result, it may send some information.
Sends information about:
• Current malware status
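The download, address-gathering and backdoor requests described above all use fixed CGI paths with a fixed query-parameter layout, which is enough to flag them in a web-proxy log. The following Python is an added example, not Avira's code; it assumes a Squid-style access log (client IP in the third field, URL in the seventh) and uses placeholder host names, since the real hosts are masked on this page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request shapes taken from the description above. Hosts are masked on the page,
# so matching uses the CGI path plus the exact query-parameter layout.
# Hypothetical helper for log review, not Avira's own detection logic.
DOWNLOAD_PATH = "/cgi-bin5/repeaterm.fcgi"  # file download / address harvesting
REPORT_PATH = "/cgi-bin5/receiver.fcgi"     # status report to the backdoor server

DIGITS = re.compile(r"^\d+$")
RAND = re.compile(r"^\d+\.\d+e-0001$")  # rand=<digits>.<digits>e-0001 per the description

def classify_url(url):
    """Return 'download', 'report' or None for one requested URL."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query, keep_blank_values=True)  # keep lastid=, lost=, ...
    if parts.path == DOWNLOAD_PATH:
        # n=<digits>&lastid=&rand=<float>; the parameter set must match exactly
        if (set(qs) == {"n", "lastid", "rand"}
                and DIGITS.match(qs["n"][0]) and RAND.match(qs["rand"][0])):
            return "download"
    elif parts.path == REPORT_PATH:
        # id=<digits>&sent=<digits>&lost=&drop=&acc=
        if (set(qs) == {"id", "sent", "lost", "drop", "acc"}
                and DIGITS.match(qs["id"][0]) and DIGITS.match(qs["sent"][0])):
            return "report"
    return None

def scan_proxy_log(lines):
    """Return (client_ip, kind, url) for each line whose URL matches.
    Assumes a Squid-style access log: client IP is field 3, URL is field 7."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue
        kind = classify_url(fields[6])
        if kind:
            hits.append((fields[2], kind, fields[6]))
    return hits

# Constructed sample lines with placeholder hosts; the last two must not match.
SAMPLE_LOG = """\
1133100000.123 45 10.0.0.17 TCP_MISS/200 1523 GET http://wm.PLACEHOLDER.info/cgi-bin5/repeaterm.fcgi?n=48213&lastid=&rand=0.73915e-0001 - DIRECT/203.0.113.5 text/plain
1133100001.456 12 10.0.0.17 TCP_MISS/200 230 GET http://wm.PLACEHOLDER.info/cgi-bin5/receiver.fcgi?id=48213&sent=17&lost=&drop=&acc= - DIRECT/203.0.113.5 text/plain
1133100002.789 30 10.0.0.42 TCP_MISS/200 5120 GET http://example.com/cgi-bin5/receiver.fcgi?id=abc&sent=x&lost=&drop=&acc= - DIRECT/198.51.100.9 text/html
1133100003.000 20 10.0.0.42 TCP_HIT/200 8000 GET http://example.com/index.html - NONE/- text/html
""".splitlines()
```

A host hit on both the download and the report shape within a short window is the pattern to escalate; a single match on the report path alone is still worth a look because the parameter set is unusual for legitimate CGI traffic.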
File details
Runtime packer:
In order to hinder detection and reduce the size of the file, it is packed with the following runtime packer:
• UPX
See a brief description here.
Description inserted by Iulia Diaconescu on Mon, 28 Nov 2005 16:01 (GMT+1)
Description updated by Iulia Diaconescu on Wed, 07 Dec 2005 13:17 (GMT+1)